If someone were to infect your Meta Quest VR headset with malware, they could trick you into seeing things in the virtual world that aren’t real, experts warn.
Academics at Cornell University recently published a paper which details the ability to hijack people’s VR sessions and monitor their interactions with internal applications, external servers, and more.
According to the article, hackers could theoretically insert a so-called “Inception Layer” between the VR home screen and the VR user/server. For example, the victim could open their banking app in virtual reality and see their usual balance, while in reality they are completely bankrupt. The hackers may also be able to trick the victim into initiating a wire transfer while being completely unaware of what is actually going on.
VR phishing
Things can get even crazier when you throw in generative AI, deepfakes and other emerging technology. People might think they were talking to their friends, colleagues and bosses in VR, while in the background they were being taken for everything they have.
While the threats sound ominous, it’s important to note that the researchers didn’t actually explore the possibility of compromising these VR headsets. Whether they have a vulnerability that can be exploited in this way is currently unknown. Moreover, there is no proof-of-concept, no malware that could carry out such an attack.
Instead, the researchers were only interested in whether people would notice that something was wrong if such an infection were to occur.
A total of 27 people were tested to see if they would notice anything strange during their Beat Saber session. The only visual cue was a bit of flickering on the home screen before playing the game. A total of ten people noticed the change, nine of whom attributed it to an innocent system error.
In other words, prepare to read about elaborate phishing scams in the metaverse.
Through Tom’s hardware