A group of computer experts from the University of Chicago has discovered a potential weakness in virtual reality (VR) technology that could leave users vulnerable to malicious attacks.
Their findings, published on the arXiv preprint server, reveal a potential
VR systems provide a simulated world where anything is possible, allowing users to interact in a virtual environment.
The research team imagined a scenario where hackers could manipulate this virtual world by installing a deceptive app on the user's VR headset.
This app would trick the user into revealing sensitive information that could be exploited by the hackers.
The concept of this app is similar to the plot in the movie "Inception," where a character's reality is altered by downloading a new layer into their brain.
In this case, the inception layer would act as a bridge between the user and the virtual world, allowing hackers to record, intercept, or alter information at their will.
For example, the app could capture a user's passcode for a virtual ATM or change the amount of money designated for a purchase and redirect it to the hacker's account.
Moreover, the app could also manipulate the virtual world, adding images of familiar characters to gain trust and access personal information.
It could even monitor the user's actions, gestures, voice, and social or business interactions, making it a powerful tool for hackers.
To install the app, hackers would need to gain access to the user's WiFi network or physically access their VR device.
Once installed, the app would run unnoticed, giving hackers complete control over the user's VR experience.
To test this possibility, the research team enlisted 28 volunteers to play a game using a demonstration VR headset.
They then downloaded the app onto the devices and asked the volunteers if they noticed anything unusual.
Only 10 of them noticed a slight flickering, and only one questioned the legitimacy of the download.
The researchers have informed Meta, the company behind the Meta Quest VR system used in the experiment, of their findings.
Meta responded by stating that they will investigate the potential vulnerability and take steps to fix it.
The researchers also warn that similar weaknesses may exist in other systems and apps that attempt to insert themselves between users and their VR devices.