VR headsets can trap you in virtual worlds – study
Virtual reality or VR can generate nearly anything we could imagine, from picturesque foreign locations to fantastical fictional worlds. Many feared we wouldn’t want to leave our VR spaces, but what if you could never leave?
A recent study proves hackers could trap us in VR, and we would be none the wiser. University of Chicago researchers made this scenario possible, letting them manipulate what a VR headset user sees without knowing.
How do you trap someone in VR?
'Inception attacks' on Meta VR headsets can trap users in a fake VR environment, researchers found https://t.co/pxjw4QH0Z3
— Business Insider (@BusinessInsider) March 13, 2024
MIT Technology Review reported on this amazing feat. The researchers exploited the Meta Quest headset’s developer mode to execute “inception attacks.”
They involve manipulating a VR goggle user’s interactions and interface. The experts based the name on Christopher Nolan’s 2010 film, “Inception.”
Hackers aren’t using this method yet, and it is difficult to perform because it requires access to a victim’s Wi-Fi network.
The researchers created an app that injects malicious code into the VR headset. Then, it launches a fake of the VR system’s home screen and apps.
The clone lets attackers see, record, and modify everything a person does with the headset.
Specifically, they could view tracking voice, keystrokes, gestures, browsing activity, and social interactions.
A hacker can also change the content of a user’s messages to other people. Computer science professor Heather Zheng and her team were behind this research.
They tested their method by having 27 VR experts play Beat Saber, a game that involves hitting blocks with glow sticks in sync with a song.
READ: Should you get a VR headset?
Zheng and her team told the respondents to report their experiences. Meanwhile, they launched an inception attack without them knowing.
Only 10 noticed a small “glitch” when the attack occurred, and only one cited suspicious activity. The rest did not notice any issues.
They concluded that victims have no means of identifying inception attacks when they’re in virtual reality. Hence, Zheng concluded that the only solution is to restore a VR headset to factory settings to remove hacked apps.
