The researchers said they reported the vulnerabilities to the VR developers, which fixed them. But these bugs show that VR developers have a lot of work to do to secure their users.
“When you get hacked in virtual reality you can definitely feel that yourself. The attacker has complete access to your senses,” Pettersson said in a phone call. “He can see through your eyes—the headsets have cameras. He can hear what you're saying—they have microphones. He can project images into your retina. He can modify this virtual world in any way he wants.” Have a tip about a data breach or a security incident? You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at [email protected], or email [email protected] Petterson and Radocea said that the VRChat and Steam VR vulnerabilities were particularly dangerous.
By embedding an exploit in a chat room, all a hacker had to do was invite people to it to take over their computers. At that point, the hacker could turn on their webcams, microphones, or manipulate what they see within their VR headset. Hackers could have even made this into a worm, a self-spreading VR malware that infected anyone who entered a chat room, and then invited all their friends to enter the malicious chat room—potentially reaching all VRChat or Steam VR users, just like the infamous MySpace worm did in 2005 .
Major Brands Are Investing in VR. About 75 percent of the Forbes World’s Most Valuable Brands have created some form of virtual reality or augmented reality experience for customers or employees, or are themselves developing these technologies. Given that this study was conducted in October 2015, the number is likely significantly higher.
“[Hackers could] create a program that invites all of their friends into the room and once they get infected, it also invites all their contacts into the room,” Radocea said.
Virtual reality can help with training, where people can gain new skills without endangering the lives of others. Learning new experiences becomes more vivid and memorable as users can interact with a virtual world, beyond books and web pages. There are mutiple experiences which help people learn in virtual reality.
The researchers made a demo video showing how a hack like this would look like.VRChat, Valve, and High Fidelity did not immediately respond to a request for comment.
Radocea and Petterson said their research serves as a warning to VR makers to step up their security game and make sure their platforms are not easily exploitable.
The VR Bandwagon. With hundreds upon thousands of people wanting to get their hands on a VR device that was still in development, huge companies, including giants like HTC and Steam, Google, Lionsgate and Samsung, among others, started heavily investing in virtual reality technologies and experiences.
to our new cybersecurity podcast,CYBER.