Computer scientists from the University of California, Riverside, have unveiled potential vulnerabilities in augmented reality (AR) and virtual reality (VR) technologies, shedding light on the risks associated with these immersive digital realms for hackers.
Their findings, set to be presented at the annual Usenix Security Symposium, a prominent global cybersecurity conference, underscore the potential security concerns introduced by AR and VR headsets hardware and virtual keyboard interfaces.
The emerging landscape of the metaverse, a concept being actively developed by tech giants like Facebook's Mark Zuckerberg, relies on headsets that interpret users' bodily movements—gestures, nods, steps, and blinks—to navigate the dynamic worlds of AR and VR for socializing, gaming, work, and even commerce.
Led by Professors Jiasi Chen and Nael Abu-Ghazaleh from UCR's Bourns College of Engineering, the research demonstrates the unsettling possibility that malware could covertly track and record users' physical movements and subsequently utilize artificial intelligence to translate those actions into textual information with astonishing accuracy, surpassing 90%.
Abu-Ghazaleh explained, "We've essentially shown that within a multi-application environment, one malicious application can surreptitiously monitor other applications. This includes gathering data about your surroundings, identifying nearby individuals and estimating their distances." Such an invasion of privacy could potentially expose a user's interactions with their headset to an unauthorized entity.
An illustrative scenario presented by the researchers involves the malware capturing a user's keystrokes on a virtual keyboard while they momentarily switch from a VR game to checking Facebook messages. Furthermore, spies could leverage data on a user's physical movements to gain insight into their activities during sensitive virtual conferences, where confidential information might be discussed and shared.
The forthcoming cybersecurity conference will feature two papers co-authored by Abu-Ghazaleh and Chen, alongside contributions from UCR computer science PhD student Yicheng Zhang and Carter Slocum, a visiting Assistant Professor at Harvey Mudd College who earned his doctorate at UCR.
The first paper, titled "It's all in your head(set): Side-channel attacks on AR/VR systems," delves into the mechanics of potential attacks. It outlines how malicious entities could capture and analyse a user's hand gestures, vocal commands, and virtual keyboard inputs, all with an alarming precision exceeding 90%, with Zhang serving as the lead author. Additionally, the paper demonstrates the ability to discern launched applications and detect nearby individuals with remarkable spatial accuracy of approximately 4 inches (10.3 cm).
As the realm of AR and VR continues to expand and shape our digital experiences, this research serves as a stark reminder of the need for robust cybersecurity measures to safeguard users' privacy and data integrity within these immersive environments.
Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp
_____________
Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.