Computer scientists at the University of California, Riverside have uncovered potential vulnerabilities in Augmented Reality (AR) and Virtual Reality (VR) technologies. These findings highlight the risk posed by hardware such as headsets and virtual keyboards, which could be exploited by hackers.
AR and VR technologies, being developed by industry leaders like Facebook’s Mark Zuckerberg, rely on headsets that interpret users’ bodily motions to navigate digital worlds for gaming, socializing, and professional purposes. However, the team at UCR’s Bourns College of Engineering has demonstrated that spyware can monitor and record users’ actions, and using artificial intelligence, translate them into words with over 90% accuracy.
Running multiple applications, one of which might be malicious, exposes users to potential spying. It could show attackers the user’s surroundings and their proximity to others. Furthermore, it could disclose their interactions with the headset, such as inputting passwords on a virtual keyboard or participating in a virtual meeting where sensitive information is discussed. Hackers could capture such data, compromising users’ security and privacy.
The team is set to present two papers at the Usenix Security Symposium, one focusing on side-channel attacks on AR/VR systems, and the other on the security risk associated with virtual keyboards. In these papers, the researchers detail how hackers can recover hand gestures, voice commands, and keystrokes, as well as how head movements made by users typing can be used to infer the text being typed.
By responsibly disclosing their findings, the researchers aim to inform the tech industry about these vulnerabilities and give companies the opportunity to address them proactively. Industry cooperation is essential in ensuring user safety and maintaining the integrity of AR and VR technologies.
These discoveries highlight the need for robust security measures and continuous monitoring of emerging technologies to protect users from potential threats.