Meta Quest: Hackers could manipulate your Virtual Reality, study finds
A study reveals a vulnerability in Meta's Quest VR system that allows hackers to spy on user data and manipulate social interactions.
The MIT Technology Review has published a study by the University of Chicago that reveals a worrying vulnerability in Meta's Quest operating system. The researchers injected malicious code into the Meta Quest VR system through an application that creates a digital clone of the Quest home environment.
During the study, the researchers hacked 27 test subjects who were unaware of the attack and assumed a simple analysis of their VR activity. The code was activated when users exited an app and returned to the home screen. Only ten people noticed a slight delay, but dismissed it as a simple lag. Only one user reported any suspicious activity.
Developer Mode as the main vulnerability
Once inside the system, the researchers were able to see, record, and modify everything the subjects did with the headset, including tracking speech, gestures, keystrokes, and browser activity. The content of messages sent to other people could also be manipulated.
However, to carry out such an attack, potential hackers would need access to the user's Wi-Fi network. At the same time, the VR headset would have to be in developer mode. Only in this mode is remote access via the Wi-Fi network possible — for debugging purposes, that is.
A Meta spokesperson told MIT Technology Review that the company will review the researchers' findings. An independent peer review is also pending. Links to the study and more details can be found in the source below.
Not the first VR vulnerability
US computer specialists hacked VR headsets in a test back in 2018, stealing sensitive user data. At the time, the focus was on the PC VR headsets Oculus Rift and HTC Vive. Computer scientists at the University of New Haven infected a computer with malware to bypass the operating system's security barriers and gain access to the OpenVR interface. This was necessary to run the HTC Vive and Oculus Rift under Steam. The interface was poorly protected and many components of the software were unencrypted.
Note: Links to online stores in articles can be so-called affiliate links. If you buy through this link, MIXED receives a commission from the provider. For you the price does not change.