Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

VR headsets could be hacked in "Inception-esque" attacks — with attackers able to steal your data without you even noticing

Meta Quest 3 headset .

If someone were to infect your Meta Quest VR headset with malware, they could trick you into seeing things in the virtual world which weren’t real, experts have warned.

Academics from Cornell University recently published a paper describing the possibility of hijacking people’s VR sessions and controlling their interactions with internal applications, external servers, and more. 

As per the paper, hackers could, in theory, insert what they call an “Inception Layer” between the VR Home Screen and the VR User/Server. For example, the victim could open their banking app in virtual reality, and see their usual balance, while being completely bankrupt in reality. The hackers could also, potentially, trick the victim into initiating a wire transfer, while being completely oblivious to what’s actually going on.

VR phishing

Things can get even more crazy when you throw in generative AI, deepfakes, and other upcoming technology. People could end up thinking they were talking with their friends, coworkers, and bosses, in VR, while being taken for all they have, in the background.

While the threats sound ominous, it’s important to note that the researchers didn’t really explore the possibility of compromising these VR headsets. Whether or not they have a vulnerability that could be exploited this way is unknown at the time. What’s more, there is no proof-of-concept, no malware that could be able to pull such an attack off. 

Instead, the researchers were just interested in whether or not people would notice anything was amiss if such an infection did occur.

In total, 27 people were tested to see if they would notice anything strange during their session of Beat Saber. The only visual clue was a little flickering on the home screen before playing the game. In total, 10 people noticed the change, nine of which attributed it to an innocuous system glitch.

In other words, prepare to read about elaborate phishing scams in the metaverse.

Via Tom’s Hardware

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.