Three years of MarineVerse
Three years of MarineVerse
Mixed Reality Enhances Both Physical And Virtual Worlds
Mixed Reality Enhances Both Physical And Virtual Worlds
Firefox Reality VR Update Vastly Improves Online Virtual Reality Experience
Firefox Reality VR Update Vastly Improves Online Virtual Reality Experience
Virtual Reality Has Reached A “Tipping Point.” It’s Officially Here to Stay.
Virtual Reality Has Reached A “Tipping Point.” It’s Officially Here to Stay.
Choosing a Headset for Virtual Reality Gaming
Choosing a Headset for Virtual Reality Gaming

Hackers Hijacked VR Chatrooms to Manipulate Users' Reality

VR Cover
Image: Screengrab/MotherboardBy taking advantage of unknown vulnerabilities, hackers could have hacked into people’s computers just by having them join a chat room in the popular virtual reality applications Steam VR and VRChat.

Security researchers Alex Radocea and Philip Pettersson found vulnerabilities in three different virtual reality platforms that would have allowed hackers to take over the target’s computer, as the researchers explained in a talk at the Recon hacking conference in Montreal last week. The vulnerabilities were in VRChat , the virtual home feature of Valve's Steam VR , and High Fidelity, an open-source platform for virtual reality.

The researchers said they reported the vulnerabilities to the VR developers, which fixed them. But these bugs show that VR developers have a lot of work to do to secure their users.

“When you get hacked in virtual reality you can definitely feel that yourself. The attacker has complete access to your senses,” Pettersson said in a phone call. “He can see through your eyes—the headsets have cameras. He can hear what you're saying—they have microphones. He can project images into your retina. He can modify this virtual world in any way he wants.” Have a tip about a data breach or a security incident? You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com Petterson and Radocea said that the VRChat and Steam VR vulnerabilities were particularly dangerous.

Google Cardboard Was a Side Project. The Google Cardboard platform was developed by David Coz and Damien Henry. The two engineers developed the project as part of Google’s”innovation time off” program in which engineers are encouraged to spend 20 percent of their time working on projects that interest them. Thankfully, Google backed the project, and Google Cardboard is now one of the cornerstones of scalable virtual reality.

By embedding an exploit in a chat room, all a hacker had to do was invite people to it to take over their computers. At that point, the hacker could turn on their webcams, microphones, or manipulate what they see within their VR headset. Hackers could have even made this into a worm, a self-spreading VR malware that infected anyone who entered a chat room, and then invited all their friends to enter the malicious chat room—potentially reaching all VRChat or Steam VR users, just like the infamous MySpace worm did in 2005 .

“[Hackers could] create a program that invites all of their friends into the room and once they get infected, it also invites all their contacts into the room,” Radocea said.

The researchers made a demo video showing how a hack like this would look like.

VRChat, Valve, and High Fidelity did not immediately respond to a request for comment.

Radocea and Petterson said their research serves as a warning to VR makers to step up their security game and make sure their platforms are not easily exploitable.

The First Time Is Not Easy. Most people who have tried virtual reality once would like to experience it again. However, for most people, the first time is not an easy process as it usually requires some sort of adjustment. Some people say that after their first virtual reality experience, they felt very disjointed. Others complained about motion sickness. However, once they have tried virtual reality for a second time, they adjust well to the experience until they get so used to it.

to our new cybersecurity podcast,CYBER.

We saw virtual reality's bright future at CES 2019
We saw virtual reality's bright future at CES 2019
Mark Zuckerberg says virtual reality is better than the ‘limited’ real world
Mark Zuckerberg says virtual reality is better than the ‘limited’ real world
18 Most-Read ARPost AR and VR Articles of 2018
18 Most-Read ARPost AR and VR Articles of 2018
6 Brands That Use AR and VR Advertising Successfully
6 Brands That Use AR and VR Advertising Successfully