Cybersecurity researchers help protect people with immersive virtual reality

In 2020, approximately 2 million people will connect to virtual reality headsets each month. Virtual reality (VR) industry revenue is projected to grow from $12 billion to $100 billion over the next five years. In the race to develop the most popular VR applications and capture the most consumer demand, VR software developers and companies have not always taken measures to protect consumers from hacking. There is none. In many cases, products that are still in development are released.

LSU Cybersecurity Professor Abe Baggili studied the security of immersive virtual reality (X-reality) systems and was the first in the world to provide this fast-paced industry with solutions to protect those who use these new products. is one of the people in

“Everyone should be aware that all technology has security risks. It could lead to,” Bagiri said. Computers at LSU He is the Department of Science and Center for Computational Technology.

his new research computer and security.

Baggili and his cybersecurity students. The lead author, Martin Vondráček, is currently a security researcher with a Ph.D. A student from the Technical University of Brno in the Czech Republic, to see if it can be hacked into a user’s headset or computer, is a popular social network that people mainly use to watch movies with others in virtual environments. and entertainment XR applications.

Researchers have found that they can hijack a user’s VR headset, look at the screen, turn on the microphone, and install viruses on the computer. Another user entered the virtual room and unknowingly interacted with an infected user, infecting them in the same way viruses spread between real people.

In addition, researchers were able to enter a virtual room using another undetected device and act like a virtual invisible Peeping Tom.

“No one expects an actual living room to have an invisible intruder monitoring their activities and every move. It can violate your privacy,” Bagiri said.

Children and young people are drawn to and use many of these virtual reality applications and headsets, making safety and security measures even more important.

“VR and XR devices collect a lot of personal information, such as the structure of the physical room you are in, your eye, hand, and body movements. physical and financial damage,” he said.

By hacking into VR headsets and cameras, researchers have been able to disorient users or remove physical boundaries to actually walk into walls or fall down stairs. rice field.

Luckily, the company that developed the VR application Baggili and his students tested in this paper accepted all the recommendations the researchers provided in Responsible Disclosure. Developers and scientists can now create safe VR software using tools developed by researchers.

“The vulnerabilities we discovered could have been prevented. As part of our investigation, we implemented several analysis and attack tools, exploit examples, and vulnerability signatures. The art of prevention,” says Vondráček.

Additionally, virtual reality applications are used in education, healthcare, critical infrastructure, and military defense.

“This study is important for identifying security weaknesses in common XR applications. Legislators and organizations need to know the potential harm it Developing companies must find the right balance between security, privacy and safety, and mass adoption is on the rise,” said the XR Safety Initiative, a global non-profit standards development organization. XRSI) founder and information security researcher Kavya Pearlman.

How to safely join the metaverse

“Be diligent and understand that new technology has both positive and negative consequences. Don’t trust it all the time, use it like a scientist. Experiment with things, use Try it, you have to understand what they are doing with your data,” says Baggili.

Unfortunately, there aren’t many platforms where users can educate themselves about these new technologies. Most of the information people see comes from companies selling VR products, and of course with no attention to potential privacy or security risks.

“We will respond to this by bringing our research to the public attention in the global media. Our hope is that it will help raise awareness of VR, its strengths and associated dangers.” That’s it,” says Baggili.