VR Hack : Bigscreen VR App and Unity Engine Vulnerabilities Revealed By University of New Haven researchers
Using Bigscreen, a popular virtual reality application, researchers at the University of New Haven were able to listen to users’ conversations and access their computers without their knowledge“Our research shows hackers are able to monitor people day in and day out – listen to what they are saying and see how they are interacting in virtual reality. They can’t see you, they can’t hear you, but the hacker can hear and see them, like an invisible Peeping Tom. A different layer of privacy has been invaded.”” said Ibrahim Baggili, founder and co-director of the University of New Haven Cyber Forensics Research and Education Group.Without users’ knowledge and consent – and without tricking users into downloading software or granting access to the computer – University of New Haven researchers were able to:
- Turn on user microphones and listen to private conversations
- Join any VR room including private rooms
- Create a replicating worm that infects users as soon as they enter a room with other VR users
- View user computer screens in real time
- Send messages on a user’s behalf
- Download and run programs – including malware – onto user computers
- Join users in VR while remaining invisible. This novel attack was termed as a Man-In-The-Room (MITR) attack
- Phish users into downloading fake VR drivers
After being informed of these facts to Bigscreen and Unity. Bigscreen CEO and Founder Darshan Shankar said Feb. 14 the company has patched the issues. Unity recently added language to its website warning users the platform can be “used to open more than just webpages, with important security implications you must be aware of.”
0 comments:
Post a Comment