homehome Home chatchat Notifications


How vulnerable are VR headsets to hacking?

From keystrokes to hand gestures, hackers can glean a lot of private information during your VR experience.

Tibi Puiu
August 9, 2023 @ 9:14 pm

share Share

Credit: Pixabay.

Virtual reality headsets are touted as gateways to a whole new experience of the digital domain, yet like all connected devices they come with an inevitable hitch — a vulnerability to hackers. A new study is raising new concerns that these headsets may be highly vulnerable to potential security breaches facilitated by their hardware and interface systems.

Case in point, computer scientists at the University of California, Riverside, have shown that VR headsets can be hacked by spyware that exploits the subtleties of our body movements to steal sensitive information and breach privacy.

Augmented reality (AR) and virtual reality (VR) are poised to become the next chapter of our internet journey, enveloping us in digital landscapes that promise experiences ranging from gaming to business interactions.

These digital dimensions rely heavily on headsets that translate our physical gestures into navigational cues—turning, nodding, stepping, and blinking guide us through these parallel universes. Oculus Quest, for example, also supports voice dictation for entering web addresses, controlling the headset, and exploring commercial products. However, researchers have found that this interplay of technology leaves a back door open for potential hackers.

Researchers led by Jiasi Chen and Nael Abu-Ghazaleh revealed how malicious actors can exploit the unique interactions facilitated by these headsets. Using spyware and advanced artificial intelligence, they can covertly monitor and record users’ gestures, translating these subtle movements into words with an astonishing accuracy of 90% or higher. Hackers could potentially accurately estimate the proximity of nearby individuals within a margin of just about 4 inches (10.3 cm).

“In essence, our findings indicate that if one of the applications is compromised, it can covertly surveil other applications,” explains Abu-Ghazaleh. “This includes monitoring your surroundings, detecting the presence of people nearby and their distance, as well as uncovering your interactions within the virtual environment.”

The implications of these vulnerabilities are startling. Imagine taking a pause from an engrossing virtual game to check your Facebook messages using a virtual keyboard. The spyware could stealthily capture your keystrokes, potentially compromising sensitive information. Similarly, during a virtual meeting where confidential data is shared, the minutiae of your body movements could inadvertently leak crucial information to prying eyes.

For instance, hackers could use TyPose, a system leveraging machine learning to decipher head motion signals and automatically decipher the words or characters users are inputting. That’s quite concerning, which is why the researchers hope that their ethical hacking experiment may serve as a clarion call to the tech industry, which will hopefully work to patch these vulnerabilities.

Meta, the company behind Facebook but also Metaverse headsets like the Oculus Quest, is offering bounties of up to $300,000 to ethical hackers who can find vulnerabilities that could allow an attacker to execute malware or take control of a device.

“Our intention is to showcase the potential for attacks, and then provide the companies with a window to address these vulnerabilities before we make our findings public,” Abu-Ghazaleh asserts in a media statement.

The findings appeared in two papers (1 and 2) that were presented this week at the annual Usenix Security Symposium in Anaheim.

share Share

A New AI Tool Can Recreate Your Face Using Nothing But Your DNA

New AI built by Chinese scientists can create 3D faces from DNA with alarming accuracy.

How Some Flowers Evolved the Grossest Stench — and Why Flies Love It

Flowers keep making the same mutation time and time again.

People Living Near Golf Courses Face Double the Risk of Parkinson’s

The strong pesticides sprayed on golf courses leech into the groundwater and scientists suspect this could increase the risk of Parkinson's.

He Let Snakes Bite Him Over 200 Times and Now Scientists Want His Blood for an Universal Antivenom

A universal snakebite treatment may be within reach, thanks to an unlikely human experiment.

These companies want to make hand bags out of T-rex leather. But scientists aren't buying it

A lab-grown leather inspired by dinosaur skin sparks excitement—and scientific skepticism

This car-sized "millipede" was built like a tank — and had the face to go with it

A Carboniferous beast is showing its face.

9 Environmental Stories That Don't Get as Much Coverage as They Should

From whales to soil microbes, our planet’s living systems are fraying in silence.

Scientists Find CBD in a Common Brazilian Shrub That's Not Cannabis

This wild plant grows across South America and contains CBD.

Spruce Trees Are Like Real-Life Ents That Anticipate Solar Eclipse Hours in Advance and Sync Up

Trees sync their bioelectric signals like they're talking to each other.

The Haast's Eagle: The Largest Known Eagle Hunted Prey Fifteen Times Its Size

The extinct bird was so powerful it could kill a 400-pound animal with its talons.