The new possibilities of virtual reality (VR) and augmented reality (AR) have opened doors for hackers, according to computer scientists from the University of California, Riverside. Their findings will be presented at the annual Usenix Cybersecurity Symposium in Anaheim.
Leading technology giants like Facebook, headed by Mark Zuckerberg, are actively developing emerging hardware technologies that use special helmets to interpret users’ body movements for navigation in AR and VR worlds. However, studies have shown that spy programs can observe and record every user movement with an accuracy of 90% or higher.
“We show that if you run several applications, and one of them is harmful, it can spy on the others,” said Professor Nael Abu Gazalekh. Spy software can transmit information about the user’s interaction with the helmet and the environment.
Two articles providing a detailed description of this issue have been published: “Everything is in your head (helmet): Lateral Attacks on AR/VR” and “Forward Movement: Maintaining the Keyboard in AR/VR from the Movements of the User’s Head“. The first article explains how hackers can recognize gestures, voice commands, and keystrokes on the virtual keyboard. The second article discusses the security risks associated with using a virtual keyboard and demonstrates how spies can identify the text entered by the user.
The scientists hope that their research will help the technology industry become aware of its vulnerabilities in the field of cybersecurity. “We demonstrate the capabilities of attacks and then carry out a responsible disclosure,” emphasized Abu Gazalekh, explaining that companies will be given time to correct vulnerabilities before the research is published.