Meta VR headsets vulnerable to “inception attacks”

VR headsets - Security Vulnerability

These device attacks can trap users in an artificial virtual reality environment.

Researchers examining the Meta VR headsets have identified a possible major security vulnerability, according to a recently published study.

The virtual reality security researchers were part of a University of Chicago team

The research team discovered a way that the Meta Quest VR headsets could be hacked without the knowledge of the user. This gave the researchers control over the VR environment of the user, through which they could not only steal data but also manipulate the way users were interacting with each other.

VR headsets - Cyberattack

The team labeled this type of cyberattack as an “inception attack”. They described this type of hacking as “an attack where the attacker controls and manipulates the user’s interaction with their VR environment, by trapping the user inside a single, malicious VR application that masquerades as the full VR system.”

The VR headsets research arrives as Mark Zuckerberg has been bashing the Apple Vision Pro

The results of the security vulnerability research have arrived at the same time that Meta CEO Mark Zuckerberg has been continuing his negative statements about the Apple Vision Pro rival device. 

It is important to point out that the research has yet to be peer reviewed but has been reported in the MIT Technology Review.

To be able to successfully conduct an inception attack, hackers must be working on the same WiFi network as the virtual reality device user, said the study’s authors. Moreover, the goggles had to be in developer mode, which many Meta Quest users choose so that they will have access to third-party apps, screenshot taking, and resolution adjustments, according to the researchers.

Once those boxes had been checked, the door was open for researchers to plant malware into the VR headsets, making it possible to install fake home screens that appeared the same as the original except that the hacking researchers had complete control.

In essence, that artificial home screen was a simulation inside a simulation, hence the name of the attack.

“While the user thinks they are interacting normally with different VR applications, they are in fact interacting within a simulated world, where everything they see and hear has been intercepted, relayed, and possibly altered by the attacker,” explained the researchers.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.