Meta Quest: Hackers could manipulate your Virtual Reality, study finds

Mar 12 2024 Josef Erl

A study reveals a vulnerability in Meta's Quest VR system that allows hackers to spy on user data and manipulate social interactions.

The MIT Technology Review has published a study by the University of Chicago that reveals a worrying vulnerability in Meta's Quest operating system. The researchers injected malicious code into the Meta Quest VR system through an application that creates a digital clone of the Quest home environment.

During the study, the researchers hacked 27 test subjects who were unaware of the attack and assumed a simple analysis of their VR activity. The code was activated when users exited an app and returned to the home screen. Only ten people noticed a slight delay, but dismissed it as a simple lag. Only one user reported any suspicious activity.

Developer Mode as the main vulnerability

Once inside the system, the researchers were able to see, record, and modify everything the subjects did with the headset, including tracking speech, gestures, keystrokes, and browser activity. The content of messages sent to other people could also be manipulated.

However, to carry out such an attack, potential hackers would need access to the user's Wi-Fi network. At the same time, the VR headset would have to be in developer mode. Only in this mode is remote access via the Wi-Fi network possible — for debugging purposes, that is.

Please leave this field empty

XR Briefing
Get the most important XR news delivered to your email inbox once a week.

• VR, AR, AI & more
• free
• cancel at any time

E-Mail *

Privacy Policy

Check your inbox or spam folder to confirm your subscription.

A Meta spokesperson told MIT Technology Review that the company will review the researchers' findings. An independent peer review is also pending. Links to the study and more details can be found in the source below.

Not the first VR vulnerability

US computer specialists hacked VR headsets in a test back in 2018, stealing sensitive user data. At the time, the focus was on the PC VR headsets Oculus Rift and HTC Vive. Computer scientists at the University of New Haven infected a computer with malware to bypass the operating system's security barriers and gain access to the OpenVR interface. This was necessary to run the HTC Vive and Oculus Rift under Steam. The interface was poorly protected and many components of the software were unencrypted.

Buy Quest 3, Accessories & Prescription Lenses

Quest 3

Quest 3 128 GB Quest 3 512 GB

Quest 3 Accessories

Active Straps for Touch Plus Controllers Carrying Case Charging Dock Elite Strap Elite Strap + Battery Facial Interface & Head Strap Blue Facial Interface & Head Strap Orange Silicone Facial Interface Touch Pro Controllers

VR Optician

Prescription Lens Inserts

Note: Links to online stores in articles can be so-called affiliate links. If you buy through this link, MIXED receives a commission from the provider. For you the price does not change.