Meta’s $499 virtual reality headsets face a significant security threat as researchers at the University of Chicago reveal vulnerabilities that could allow hackers to take control of the devices and access sensitive information undetected.

In a recent academic paper, computer science researchers detailed how they exploited flaws in Meta’s Quest VR security system to execute what they described as an “Inception-style” attack.

This attack method mirrors the plot of the popular 2010 sci-fi film, where hackers infiltrate the subconscious minds of their victims to steal information.

The researchers developed a malicious app capable of installing code into the VR system, creating a replica home screen and apps indistinguishable from the original.

Once installed, hackers gain control over essential functions such as voice, gestures, keystrokes, and browsing activities, all without the user’s knowledge.

READ MORE – How is Meta striking back against AI?

According to the study, users could unwittingly interact within a simulated environment controlled by hackers, enabling interception, recording, and potential alteration of their actions.

Bank login

For instance, conversations could be intercepted and manipulated, and sensitive activities like entering bank login credentials could be compromised.

In one experiment, researchers manipulated a VR headset user’s payment transaction, causing them to unknowingly transfer a higher amount than intended.

The attack is contingent upon hackers sharing the same Wi-Fi network as their target and exploiting the “developer mode” option, which permits the installation of third-party apps.

Experts advise users to safeguard against such attacks by resetting their devices to factory settings to remove any malicious applications. Meta, responding to the study, stated that they actively collaborate with academic researchers through bug bounty programs and other initiatives.

The vulnerability comes at a critical time for Meta, as its Reality Labs division, responsible for VR technology development, incurred significant losses, exceeding $4.6 billion in the fourth quarter of 2023.

Despite these setbacks, Meta continues to invest heavily in its metaverse technology, confirming augmented reality (AR) and VR product development to expand its ecosystem.