VR headsets could be hacked in "Inception-esque" attacks — with attackers able to steal your data without you even noticing

If someone were to infect your Meta Quest VR headset with malware, they could trick you into seeing things in the virtual world which weren’t real, experts have warned.

Academics from Cornell University recently published a paper describing the possibility of hijacking people’s VR sessions and controlling their interactions with internal applications, external servers, and more. 

According to the paper, hackers could, in theory, insert what the researchers call an “Inception Layer” between the VR Home Screen and the VR User/Server. For example, the victim could open their banking app in virtual reality and see their usual balance, while being completely bankrupt in reality. The hackers could also, potentially, trick the victim into initiating a wire transfer, leaving the victim completely oblivious to what’s actually going on.

VR phishing

Things can get even crazier when you throw in generative AI, deepfakes, and other upcoming technology. People could end up thinking they were talking with their friends, coworkers, and bosses in VR while, in the background, being taken for all they have.

While the threats sound ominous, it’s important to note that the researchers didn’t really explore the possibility of compromising these VR headsets. Whether or not they have a vulnerability that could be exploited this way is unknown at this time. What’s more, there is no proof-of-concept and no malware capable of pulling such an attack off.

Instead, the researchers were just interested in whether or not people would notice anything was amiss if such an infection did occur.

In total, 27 people were tested to see if they would notice anything strange during their session of Beat Saber. The only visual clue was a little flickering on the home screen before playing the game. Of those, 10 people noticed the change, nine of whom attributed it to an innocuous system glitch.

In other words, prepare to read about elaborate phishing scams in the metaverse.

Via Tom’s Hardware

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.