VR headsets vulnerable to 'Inception attacks' — where hackers can mess with your sense of reality and steal your data
Popular VR headsets like the Meta Quest or Apple Vision Pro can be broken into, with hackers adding fake experiences called "inception layers" that let them manipulate how a user behaves.
Scientists have identified a vulnerability in virtual reality (VR) headsets that could let hackers access private information without the wearers' knowledge.
A hacker can insert a new "layer" between the user and the device's normal image source. Hackers can then deploy a fake app in the VR headset that might trick the wearer into behaving in specific ways or giving up their data. This is known as an "Inception layer," referring to Chris Nolan's 2010 sci-fi thriller in which espionage agents infiltrate a target's mind and implant an idea the target assumes is their own.
The VR "Inception attack" was detailed in a paper uploaded March 8 to the preprint server arXiv, and the team successfully tested it on all versions of the Meta Quest headset.
Researchers found several possible routes of entry into the VR headset, ranging from tapping into a victim's Wi-Fi network to "side-loading," which is when a user installs an app (possibly loaded with malware) from an unofficial app store. These apps then pretend to be either the baseline VR environment or a legitimate app.
All of this is possible because VR headsets don't have security protocols anywhere near as robust as in more common devices like smartphones or laptops, the scientists said in their paper.
Using this new fake layer, hackers can then control and manipulate interactions in the VR environment. The user won't even be aware they're looking at and using a malicious copy of, say, an app they use to catch up with friends.
Some examples of what an attacker could do include altering the amount of money being transferred, and its destination, in any online transaction and recording somebody's credentials as they log in to a service. Hackers can even add a fake VRChat app and use it to eavesdrop on a conversation or modify live audio using artificial intelligence (AI) to impersonate a participant.
"VR headsets have the potential to deliver users a deeply immersive experience comparable to reality itself," the scientists said in the paper. "The flip side of these immersive capabilities is that when misused, VR systems can facilitate security attacks with far more severe consequences than traditional attacks."
The immersive sensory input can give users a false sense of comfort, they claimed, making them more likely to give up private information and to trust what they see more than they do in other computing environments.
VR attacks can also be hard to detect because the environment is designed to resemble interactions in the real world — rather than the prompts you see in conventional computing. When they tested the exploit on 28 participants, only 10 detected the giveaway that an attack was underway — which was a fleeting "glitch" in the visual field like a slight flicker in the image.
The researchers listed several possible defense mechanisms against such attacks in their paper, but they said that the manufacturers should educate users on any signs that their headset is under attack. These include minor visual anomalies and glitches.
Such attacks could become more common over time, they added. But there is still time for companies like Meta to build and deploy countermeasures before VR headsets become more popular and cybercriminals consider them a viable vector to launch an attack.
Drew is a freelance science and technology journalist with 20 years of experience. After growing up knowing he wanted to change the world, he realized it was easier to write about other people changing it instead. As an expert in science and technology for decades, he’s written everything from reviews of the latest smartphones to deep dives into data centers, cloud computing, security, AI, mixed reality and everything in between.