homehome Home chatchat Notifications


How vulnerable are VR headsets to hacking?

From keystrokes to hand gestures, hackers can glean a lot of private information during your VR experience.

Tibi Puiu
August 9, 2023 @ 9:14 pm

share Share

Credit: Pixabay.

Virtual reality headsets are touted as gateways to a whole new experience of the digital domain, yet like all connected devices they come with an inevitable hitch — a vulnerability to hackers. A new study is raising new concerns that these headsets may be highly vulnerable to potential security breaches facilitated by their hardware and interface systems.

Case in point, computer scientists at the University of California, Riverside, have shown that VR headsets can be hacked by spyware that exploits the subtleties of our body movements to steal sensitive information and breach privacy.

Augmented reality (AR) and virtual reality (VR) are poised to become the next chapter of our internet journey, enveloping us in digital landscapes that promise experiences ranging from gaming to business interactions.

These digital dimensions rely heavily on headsets that translate our physical gestures into navigational cues—turning, nodding, stepping, and blinking guide us through these parallel universes. Oculus Quest, for example, also supports voice dictation for entering web addresses, controlling the headset, and exploring commercial products. However, researchers have found that this interplay of technology leaves a back door open for potential hackers.

Researchers led by Jiasi Chen and Nael Abu-Ghazaleh revealed how malicious actors can exploit the unique interactions facilitated by these headsets. Using spyware and advanced artificial intelligence, they can covertly monitor and record users’ gestures, translating these subtle movements into words with an astonishing accuracy of 90% or higher. Hackers could potentially accurately estimate the proximity of nearby individuals within a margin of just about 4 inches (10.3 cm).

“In essence, our findings indicate that if one of the applications is compromised, it can covertly surveil other applications,” explains Abu-Ghazaleh. “This includes monitoring your surroundings, detecting the presence of people nearby and their distance, as well as uncovering your interactions within the virtual environment.”

The implications of these vulnerabilities are startling. Imagine taking a pause from an engrossing virtual game to check your Facebook messages using a virtual keyboard. The spyware could stealthily capture your keystrokes, potentially compromising sensitive information. Similarly, during a virtual meeting where confidential data is shared, the minutiae of your body movements could inadvertently leak crucial information to prying eyes.

For instance, hackers could use TyPose, a system leveraging machine learning to decipher head motion signals and automatically decipher the words or characters users are inputting. That’s quite concerning, which is why the researchers hope that their ethical hacking experiment may serve as a clarion call to the tech industry, which will hopefully work to patch these vulnerabilities.

Meta, the company behind Facebook but also Metaverse headsets like the Oculus Quest, is offering bounties of up to $300,000 to ethical hackers who can find vulnerabilities that could allow an attacker to execute malware or take control of a device.

“Our intention is to showcase the potential for attacks, and then provide the companies with a window to address these vulnerabilities before we make our findings public,” Abu-Ghazaleh asserts in a media statement.

The findings appeared in two papers (1 and 2) that were presented this week at the annual Usenix Security Symposium in Anaheim.

share Share

What's Seasonal Body Image Dissatisfaction and How Not to Fall into Its Trap

This season doesn’t have to be about comparison or self-criticism.

Why a 20-Minute Nap Could Be Key to Unlocking 'Eureka!' Moments Like Salvador Dalí

A 20-minute nap can boost your chances of a creative breakthrough, according to new research.

The world's oldest boomerang is even older than we thought, but it's not Australian

The story of the boomerang goes back in time even more.

Swarms of tiny robots could go up your nose, melt the mucus and clean your sinuses

The "search-and-destroy” microrobot system can chemically shred the resident bacterial biofilm.

What if Every Roadkill Had a Memorial?

Road ecology, the scientific study of how road networks impact ecosystems, presents a perfect opportunity for community science projects.

Fireball Passes Over Southeastern United States

It’s a bird! It’s a plane! It’s… a bolide!

What side do cats prefer to sleep on? The left side, and there's a good reason for that

The fluffier side of science.

This Bear Lived Two Years With a Barrel Lid Stuck on Its Neck Before Finally Being Freed

A Michigan bear wore a plastic ring for two years. Somehow, it’s doing just fine.

The James Webb telescope just found a planet by actually ‘seeing’ it

It's exactly what we were hoping from JWST.

Is Being Filthy Rich Immoral? It Depends Who You Ask

The world's 8 richest people have more wealth than the poorest few billion.