The researchers said they reported the vulnerabilities to the VR developers, who fixed them. But these bugs show that VR developers have a lot of work to do to secure their users.
“When you get hacked in virtual reality you can definitely feel that yourself. The attacker has complete access to your senses,” Pettersson said in a phone call. “He can see through your eyes—the headsets have cameras. He can hear what you're saying—they have microphones. He can project images into your retina. He can modify this virtual world in any way he wants.”
Pettersson and Radocea said that the VRChat and Steam VR vulnerabilities were particularly dangerous.
By embedding an exploit in a chat room, all a hacker had to do was invite people to it to take over their computers. At that point, the hacker could turn on their webcams and microphones, or manipulate what they see within their VR headset. Hackers could have even made this into a worm, a self-spreading VR malware that infected anyone who entered a chat room, and then invited all their friends to enter the malicious chat room—potentially reaching all VRChat or Steam VR users, just like the infamous MySpace worm did in 2005.
Google Cardboard Was a Side Project. The Google Cardboard platform was developed by David Coz and Damien Henry. The two engineers developed the project as part of Google’s “innovation time off” program in which engineers are encouraged to spend 20 percent of their time working on projects that interest them. Thankfully, Google backed the project, and Google Cardboard is now one of the cornerstones of scalable virtual reality.
“[Hackers could] create a program that invites all of their friends into the room and once they get infected, it also invites all their contacts into the room,” Radocea said.
Benefits of Virtual Reality
The researchers made a demo video showing what a hack like this would look like. VRChat, Valve, and High Fidelity did not immediately respond to a request for comment.
Radocea and Pettersson said their research serves as a warning to VR makers to step up their security game and make sure their platforms are not easily exploitable.
The First Time Is Not Easy. Most people who have tried virtual reality once would like to experience it again. However, for most people, the first time is not an easy process, as it usually requires some sort of adjustment. Some people say that after their first virtual reality experience, they felt very disjointed. Others complained about motion sickness. However, once they have tried virtual reality a second time, they adjust well to the experience and eventually get used to it.