So there’s time to start beefing up defenses now. The good news? While VR technologies are commercially available, they’re not all that widely used, says Roesner. The inception attack shows that we need to think of VR as another dimension in a world where it’s getting increasingly difficult to know what’s real and what’s not.Īs more people use these systems, and more products enter the market, the onus is on the tech sector to develop ways to make them more secure and trustworthy. This is related to a growing problem we’re seeing with the rise of generative AI, and even with text, audio, and video: it is notoriously difficult to distinguish real from AI-generated content. People do not know what an attack looks like. She says that with online browsers, we have been trained to recognize what looks legitimate and what doesn’t, but with VR, we simply haven’t. One of the fundamental issues people may have to deal with in using VR is whether they can trust what they’re seeing, says Roesner. “As far as I could tell, there was not any difference except a bit of a slower loading time-things that I think most people would just translate as small glitches in the system,” says Lu. Despite that, the attack took her and almost all the other participants by surprise. She says she has been using, studying, and working with VR systems regularly since 2017. One of the participants was Jasmine Lu, a computer science PhD researcher at the University of Chicago. To test how stealthy the inception attack was, the University of Chicago researchers recruited 27 volunteer VR experts to experience it. VR has the potential to put misinformation, deception and other problematic content on steroids because it exploits people’s brains, and deceives them physiologically and subconsciously, says Roesner: “The immersion is really powerful.”Īnd because VR technology is relatively new, people aren’t vigilantly looking out for security flaws or traps while using it. Even in very basic virtual environments, people start stepping around objects as if they were really there. Past studies have shown how quickly people start treating things in AR or VR as real, says Franzi Roesner, an associate professor of computer science at the University of Washington, who studies security and privacy but was not part of the study. It’s shocking to see how fragile and unsecure these VR systems are, especially considering that Meta’s Quest headset is the most popular such product on the market, used by millions of people.īut perhaps more unsettling is how attacks like this can happen without our noticing, and can warp our sense of reality. You can read more about it in my story here. The findings are pretty mind-bending, in part because the researchers’ unsuspecting test subjects had absolutely no idea they were under attack. Once inside, attackers are able to see, record, and modify everything the person does with the VR headset, tracking voice, motion, gestures, keystrokes, browsing activity, and even interactions with other people in real time. Then it launches a clone of the home screen and apps that looks identical to the user’s original screen. Inspired by the Christoper Nolan movie Inception, the attack allows hackers to create an app that injects malicious code into the Meta Quest VR system. I just published a story about a new kind of security vulnerability discovered by researchers at the University of Chicago. But that was a decade ago, and the experience has gotten a lot smoother and more realistic since. That impressive level of immersiveness could be a problem, though: it makes us particularly vulnerable to cyberattacks in VR. It was the first Oculus Rift, and I nearly fainted after experiencing an intense but visually clumsy VR roller-coaster. I remember the first time I tried on a VR headset.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |