Virtual Reality just got a little more real according to information shared by security researchers Alex Radocea and Philp Petterson. This week they showed the crowd at the Recon cybersecurity show in Montreal how it is possible to hack virtual reality worlds. So much for VR being a safe place to play!
3 Worlds 3 Hacks
Attendees were treated to demonstrations of hacking VR Chat, Steam VR and open source VR system High Fidelity. Once hacked and infiltrated the researchers showed how it is possible to take complete control of the victim’s world, listening to what the victim is saying and altering the things they see.
From Virtual to Reality
What’s more troubling is the apparent ease with which the virtually hacked worlds could be used to attack the victim’s “real” world. On the VR Chat and Steam VR platforms, victims were invited to a fake chat room. Once the chatroom was entered an exploit infected the victims’ machines. Then in “real” virus fashion the exploited machine invited the victim’s contacts to the chatroom so they too could be infected and so on and so on.
Not the First Time, Nor the Last
- Turn on user microphones and listen to private conversations
- Join any VR room including private rooms
- Create a replicating worm that infects users as soon as they enter a room with other VR users
- View user computer screens in real time
- Send messages on a user’s behalf
- Download and run programs – including malware – onto user computers
- Join users in VR while remaining invisible. This novel attack was termed as a Man-In-The-Room (MITR) attack
- Phish users into downloading fake VR drivers.
Security for your Reality
At Konsultek we build customized security solutions for organizations of all sizes and in all markets. Our team of engineers and account executives has the skills and resources to quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.
So, if you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.
The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.