New virtual (VR) and augmented reality (AR) capabilities are opening the door for hackers. This is the conclusion reached by computer scientists from the University of California, Riverside, whose research will be presented at the annual Usenix cybersecurity Symposium in Anaheim.
Emerging metaverse technologies, actively developed by tech giants such as Mark Zuckerberg's Facebook, use special helmets to interpret the user's body movements to navigate the AR and VR worlds. However, research has shown that spyware can observe and record every user movement, translating it into words with an accuracy of 90% or higher.
"We show that if you run multiple applications and one of them is malicious, it can spy on others," said Professor Nael Abu - Ghazaleh. Spyware can transmit information about the user's interaction with the helmet and the surrounding environment to attackers.
Two articles detailing this issue are titled: "It's all in your head (helmet): lateral attacks on AR/VR systems" and "Moving Forward: Key logging in AR/VR from user head movements". The first one details how hackers can recognize gestures, voice commands, and keystrokes on a virtual keyboard. The second one examines the security risk of using a virtual keyboard and demonstrates how spies can recognize text that is typed by the user.
The researchers hope that their work will help the tech industry understand its cybersecurity vulnerabilities. "We demonstrate the capabilities of attacks and then carry out responsible disclosure," Abu - Ghazaleh stressed, explaining that companies will have time to fix vulnerabilities before the research is published.
Emerging metaverse technologies, actively developed by tech giants such as Mark Zuckerberg's Facebook, use special helmets to interpret the user's body movements to navigate the AR and VR worlds. However, research has shown that spyware can observe and record every user movement, translating it into words with an accuracy of 90% or higher.
"We show that if you run multiple applications and one of them is malicious, it can spy on others," said Professor Nael Abu - Ghazaleh. Spyware can transmit information about the user's interaction with the helmet and the surrounding environment to attackers.
Two articles detailing this issue are titled: "It's all in your head (helmet): lateral attacks on AR/VR systems" and "Moving Forward: Key logging in AR/VR from user head movements". The first one details how hackers can recognize gestures, voice commands, and keystrokes on a virtual keyboard. The second one examines the security risk of using a virtual keyboard and demonstrates how spies can recognize text that is typed by the user.
The researchers hope that their work will help the tech industry understand its cybersecurity vulnerabilities. "We demonstrate the capabilities of attacks and then carry out responsible disclosure," Abu - Ghazaleh stressed, explaining that companies will have time to fix vulnerabilities before the research is published.
