Inception Attacks: Immersive Hijacking in Virtual Reality Systems
read the original abstract
Today's virtual reality (VR) systems provide immersive interactions that seamlessly connect users with online services and one another. However, these immersive interfaces also introduce new vulnerabilities, making it easier for users to fall prey to new attacks. In this work, we introduce the immersive hijacking attack, where a remote attacker takes control of a user's interaction with their VR system, by trapping them inside a malicious app that masquerades as the full VR interface. Once trapped, all of the user's interactions with apps, services and other users can be recorded and modified without their knowledge. This not only allows traditional privacy attacks but also introduces new interaction attacks, where two VR users encounter vastly different immersive experiences during their interaction. We present our implementation of the immersive hijacking attack on Meta Quest headsets and conduct IRB-approved user studies that validate its efficacy and stealthiness. Finally, we examine effectiveness and tradeoffs of various potential defenses, and propose a multifaceted defense pipeline.
This paper has not been read by Pith yet.
Forward citations
Cited by 1 Pith paper
-
Is It Real? Exploiting Virtual-Physical Discrimination Vulnerability in Mixed Reality
Mixed reality headsets have a virtual-physical discrimination vulnerability that can be exploited to alter user behavior, demonstrated through four proof-of-concept attacks on Apple Vision Pro with 85-100% success rat...
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.