VR headsets can trap you in virtual worlds – study

VR headsets can trap you in virtual worlds – study

/ 11:30 AM March 18, 2024

Virtual reality or VR can generate nearly anything we could imagine, from picturesque foreign locations to fantastical fictional worlds. Many feared we wouldn’t want to leave our VR spaces, but what if you could never leave? 

A recent study proves hackers could trap us in VR, and we would be none the wiser. University of Chicago researchers made this scenario possible, letting them manipulate what a VR headset user sees without knowing.

How do you trap someone in VR?

MIT Technology Review reported on this amazing feat. The researchers exploited the Meta Quest headset’s developer mode to execute “inception attacks.” 

They involve manipulating a VR goggle user’s interactions and interface. The experts based the name on Christopher Nolan’s 2010 film, “Inception.”


Hackers aren’t using this method yet, and it is difficult to perform because it requires access to a victim’s Wi-Fi network. 

The researchers created an app that injects malicious code into the VR headset. Then, it launches a fake of the VR system’s home screen and apps. 

The clone lets attackers see, record, and modify everything a person does with the headset. 

Specifically, they could view tracking voice, keystrokes, gestures, browsing activity, and social interactions. 


A hacker can also change the content of a user’s messages to other people. Computer science professor Heather Zheng and her team were behind this research. 

They tested their method by having 27 VR experts play Beat Saber, a game that involves hitting blocks with glow sticks in sync with a song.


READ: Should you get a VR headset?

Zheng and her team told the respondents to report their experiences. Meanwhile, they launched an inception attack without them knowing.

Only 10 noticed a small “glitch” when the attack occurred, and only one cited suspicious activity. The rest did not notice any issues. 

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

They concluded that victims have no means of identifying inception attacks when they’re in virtual reality. Hence, Zheng concluded that the only solution is to restore a VR headset to factory settings to remove hacked apps.

TOPICS: headset, VR
TAGS: headset, VR

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

We use cookies to ensure you get the best experience on our website. By continuing, you are agreeing to our use of cookies. To find out more, please click this link.