Security News > 2022 > February > How hackers could use popular virtual reality headsets to steal sensitive information

How hackers could use popular virtual reality headsets to steal sensitive information
2022-02-18 04:30

Researchers at Rutgers University-New Brunswick have published "Face-Mic," the first work examining how voice command features on virtual reality headsets could lead to major privacy leakages, known as eavesdropping attacks.

The research shows that hackers could use popular virtual reality headsets with built in motion sensors to record subtle, speech-associated facial dynamics to steal sensitive information communicated via voice-command, including credit card data and passwords.

"Our research demonstrates that Face-Mic can derive the headset wearer's sensitive information with four mainstream AR/VR headsets, including the most popular ones: Oculus Quest and HTC Vive Pro.".

"By analyzing the facial dynamics captured with the motion sensors, we found that both cardboard headsets and high-end headsets suffer security vulnerabilities, revealing a user's sensitive speech and speaker information without permission," said Chen.

Vulnerable virtual reality headsets a major threat to privacy.

Chen and her WINLAB colleagues are now examining how facial vibration information can authenticate users and improve security, and how AR/VR headsets can capture a user's breathing and heart rate to measure well-being and mood states unobtrusively.


News URL

https://www.helpnetsecurity.com/2022/02/18/virtual-reality-headsets-privacy/