Researchers from the University of Chicago have discovered a potential vulnerability in virtual reality (VR) systems, which a hacker could use to insert an “inception layer” between a user and a virtual world, controlling their experience and “trapping” them in a malicious VR application.
The team published their findings in a paper, introducing the concept of inception attacks and detailing tests conducted on Meta Quest’s VR headsets.
The inception attacks, named after the Leonardo DiCaprio film where characters have dreams downloaded into their psyche, are characterized by hackers controlling a user’s virtual environment by inserting a false VR layer into their system.
Once in the false VR layer, users can then be manipulated to reveal sensitive information.
“Once trapped in an inception VR layer, all of the user's interactions with remote servers, network applications, and other VR users can be recorded or modified without their knowledge,” the team wrote. “This enables traditional attacks (recording passwords and modifying user actions in flight), as well as VR interaction attacks, where (with generative AI tools) two VR users interacting can experience two dramatically different conversations.”
To test these attacks, the team cloned a version of Meta’s Quest browser which modifies data as it’s displayed to a user and even monitors and alters audio chats between VR users.
In tests, only 37% of users noticed the visual glitch when the inception attack began and only one suspected malicious activity.
Users have not yet reported examples of this attack but the researchers’ work shows the potentially devastating impacts such a hack could have.
While the team said there is still time to develop counter-attacks to defend users, they warned that as VR systems grow increasingly complex, the risk of attack grows.
“The results of our study demonstrate the initial feasibility and effectiveness of our inception attacks, which successfully deceived 26 out of 27 participants,” the team wrote. “We need more systematic approaches to defend against such attacks,
“Looking forward, we believe there is still enough time to design and implement multiple security measures to dramatically reduce both the expected proliferation of these attacks as well as the damage they inflict. But the clock is ticking.”
