Virtual Reality becoming new target for potential hackers

Posted at 11:32 PM, Jan 17, 2019
and last updated 2019-01-18 12:45:42-05

(WMAR) — Dr. Ibrahim Baggili, Ph.D. gets to play in the world of virtual reality as part of his job, but he suspects the VR isn’t just the next frontier for tech lovers.

“Virtual Reality is absolutely susceptible to hackers at this point in time,” says Dr. Ibrahim (Abe) Baggili, of The University of New Haven Cyber Forensics Research and Education Group.

He and his research team say they’ve uncovered vulnerabilities in popular virtual reality systems. They believe the hacking will be different from anything we’ve seen before.

He says, “I think what's really interesting in VR is for the first time we have a technology that takes over your complete sight and your complete vision, and now also, slowly, is taking over your hearing.”

In the lab, the researchers were able to take over systems and manipulate users
physically. Graduate researcher Peter Casey says one way is in something called a Chaperone Attack. He says, “A Chaperone Attack is when we either disable or expand the safety boundaries that are keeping the player from moving into any obstacles in the room.”

In a Human Joystick Attack, they were able to gradually move people across a room without them realizing it. Casey says it has to do with a false sense of reality, and that the movement along with removal of boundaries can be a concern. He adds, “You know you could walk someone … down the stairs.”

The group could also turn on cameras and insert or overlay images right into the middle of an experience. That’s called an Overlay Attack. “What that is is effectively a ransomware attack where they can no longer use the device as it's intended,” says Casey.

Dr Baggili stresses that virtual reality hacks haven’t made headlines yet, and not all features or brands are proven to be vulnerable.

We talked to Arash Keshmirian, the co-founder of Extality, a tech and gaming company that works with leading v-r manufacturers. He says, “The idea that we’re going to become zombies and ... be moved around by the headsets into dangerous situations, I don’t see that happening.” He adds, “It’s a little bit like any other system where you know there is risk. You’re a little bit no one wants to trip and fall or smash their tv or furniture.”

Dr. Baggili says there are many positive uses and aspects to VR, but it’s critical to expose potential problems before trouble strikes. He says, “We have, ya know, proof that all of these things are possible.”

And, like with other tech, Dr. Baggili presented research that data “such as user names, user profile pictures, events, and system details may be recovered.”

The researchers say there are various ways in which the VR computer may be compromised, such as through malicious email attachments or malicious games. To help protect yourself from at some potential problems, the researchers say to take precautions like you would with all devices:
● Make sure to keep your VR software and hardware updated along with anti-virus software.
● And only open what you need to on your computer to operate the v-r system.

We did reach out to Oculus and HTC Vive, the specific VR companies tested. They have yet to provide answers to our questions.