Hackers could manipulate your Virtual Reality, study finds

Meta Quest: Hackers could manipulate your Virtual Reality, study finds

Image: MIXED

Der Artikel kann nur mit aktiviertem JavaScript dargestellt werden. Bitte aktiviere JavaScript in deinem Browser und lade die Seite neu.

A study reveals a vulnerability in Meta’s Quest VR system that allows hackers to spy on user data and manipulate social interactions.


The MIT Technology Review has published a study by the University of Chicago that reveals a worrying vulnerability in Meta’s Quest operating system. The researchers injected malicious code into the Meta Quest VR system through an application that creates a digital clone of the Quest home environment.

During the study, the researchers hacked 27 test subjects who were unaware of the attack and assumed a simple analysis of their VR activity. The code was activated when users exited an app and returned to the home screen. Only ten people noticed a slight delay, but dismissed it as a simple lag. Only one user reported any suspicious activity.

Developer Mode as the main vulnerability

Once inside the system, the researchers were able to see, record, and modify everything the subjects did with the headset, including tracking speech, gestures, keystrokes, and browser activity. The content of messages sent to other people could also be manipulated.

However, to carry out such an attack, potential hackers would need access to the user’s Wi-Fi network. At the same time, the VR headset would have to be in developer mode. Only in this mode is remote access via the Wi-Fi network possible — for debugging purposes, that is.

A Meta spokesperson told MIT Technology Review that the company will review the researchers’ findings. An independent peer review is also pending. Links to the study and more details can be found in the source below.


Not the first VR vulnerability

US computer specialists hacked VR headsets in a test back in 2018, stealing sensitive user data. At the time, the focus was on the PC VR headsets Oculus Rift and HTC Vive. Computer scientists at the University of New Haven infected a computer with malware to bypass the operating system’s security barriers and gain access to the OpenVR interface. This was necessary to run the HTC Vive and Oculus Rift under Steam. The interface was poorly protected and many components of the software were unencrypted.

Buy Quest 3, Accessories & Prescription Lenses

Sources: MIT Technology Review Study

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top