Meta’s $499 virtual reality headsets face a significant security threat as researchers at the University of Chicago reveal vulnerabilities that could allow hackers to take control of the devices and access sensitive information undetected.
In a recent academic paper, computer science researchers detailed how they exploited flaws in Meta’s Quest VR security system to execute what they described as an “Inception-style” attack.
This attack method mirrors the plot of the popular 2010 sci-fi film, where hackers infiltrate the subconscious minds of their victims to steal information.
The researchers developed a malicious app capable of installing code into the VR system, creating a replica home screen and apps indistinguishable from the original.
Once installed, hackers gain control over essential functions such as voice, gestures, keystrokes, and browsing activities, all without the user’s knowledge.
According to the study, users could unwittingly interact within a simulated environment controlled by hackers, enabling interception, recording, and potential alteration of their actions.
Bank login
For instance, conversations could be intercepted and manipulated, and sensitive activities like entering bank login credentials could be compromised.
In one experiment, researchers manipulated a VR headset user’s payment transaction, causing them to unknowingly transfer a higher amount than intended.
The attack is contingent upon hackers sharing the same Wi-Fi network as their target and exploiting the “developer mode” option, which permits the installation of third-party apps.
Experts advise users to safeguard against such attacks by resetting their devices to factory settings to remove any malicious applications. Meta, responding to the study, stated that they actively collaborate with academic researchers through bug bounty programs and other initiatives.
The vulnerability comes at a critical time for Meta, as its Reality Labs division, responsible for VR technology development, incurred significant losses, exceeding $4.6 billion in the fourth quarter of 2023.
Despite these setbacks, Meta continues to invest heavily in its metaverse technology, confirming augmented reality (AR) and VR product development to expand its ecosystem.
Ahron Young is an award winning journalist who has covered major news events around the world. Ahron is the Managing Editor and Founder of TICKER NEWS.
Long-awaited first crewed test flight of the new Starliner space capsule was called off over a technical issue that launch teams could not resolve in time.
Originally scheduled for liftoff from Florida’s Kennedy Space Center, the mission aimed to demonstrate Starliner’s capabilities and certify it for regular crewed flights to the ISS, as reported by Reuters.
Tesla CEO Elon Musk dissolves supercharging team, leaving customers stranded.
Elon Musk’s decision to disband Tesla’s electric vehicle charging team has left customers concerned about the future of the company’s charging infrastructure.
The move comes as a surprise to many, considering Tesla’s commitment to expanding its charging network to support its growing fleet of EVs #featured