Researchers Demonstrate "Inception Attacks" Against Virtual Reality Users
Named for the Nolan film, the inception attack replaces your virtual reality with a virtual virtual reality.
Researchers from the University of Chicago's Department of Computer Science have come up with a way to carry out an attack on users of virtual reality systems, targeting the Meta Quest for a proof of concept in what they have termed "inception attacks."
"Recent advances in virtual reality (VR) system provide fully immersive interactions that connect users with online resources, applications, and each other. Yet these immersive interfaces can make it easier for users to fall prey to a new type of security attacks," the researchers claim in the abstract to their paper, brought to our attention by MIT Technology Review.
"We introduce the inception attack, where an attacker controls and manipulates a user's interaction with their VR environment and applications, by trapping them inside a malicious VR application that masquerades as the full VR system."
Named for Christopher Nolan's 2010 sci-fi film, the "inception attack" presents similarly: the VR user targeted is presented with an "inception VR layer," which sits between them and their actual virtual environment, capturing data on-the-fly β and allowing for its modification too. "Once trapped in an 'inception VR layer,'" the researchers claim, "all of the user's interactions with remote servers, network applications, and other VR users can be recorded or modified without their knowledge. "
Tested on all currently-available Meta Quest devices β the Quest 2, Quest 3, and Quest Pro β the inception attack relies on the attacker being able to make a network connection to the headset and to inject a malicious app that replicates, in detail, the user's usual home screen experience. When activated this app takes over from the actual home screen, resulting in a brief glitch only around a third of participants noticed β and which almost all who did notice put down to the vagaries of virtual reality itself.
Coupled with malicious clones of popular apps like VRChat, the inception attack can eavesdrop and modify communications in both directions β and, should virtual reality be considered a sensible place to conduct banking transactions, even steal funds without alerting the user. "Our inception attacks [β¦] successfully deceived 26 out of 27 participants," the team claims. "Notably, even highly experienced users, who interact with VR devices on a daily/weekly basis, were susceptible."
The researchers suggest some defenses against inception attacks, including requiring secure authentication to access network ports on a headset, disabling the side-loading of apps, and regularly-scheduled headset resets which terminate the inception app and its spy script until rerun.
"We believe there is still enough time to design and implement multiple security measures to dramatically reduce both the expected proliferation of these attacks as well as the damage they inflict," the team concludes. "But the clock is ticking."
The team's work has been published as a preprint on Cornell's arXiv server under open-access terms.
Main article image courtesy of Meta.