Inception Attacks: Immersive Hijacking in Virtual Reality Systems

TL;DR

This paper introduces immersive hijacking attacks in VR systems, demonstrating how attackers can take control of user interactions, leading to privacy breaches and altered shared experiences, validated through real-world implementation and user studies.

Contribution

It presents the first detailed analysis and implementation of immersive hijacking attacks in VR, along with evaluation and defense strategies.

Findings

Attack successfully hijacks VR user interactions

Stealthy attack demonstrated on Meta Quest headsets

Proposed defenses offer tradeoffs and mitigation options

Abstract

Today's virtual reality (VR) systems provide immersive interactions that seamlessly connect users with online services and one another. However, these immersive interfaces also introduce new vulnerabilities, making it easier for users to fall prey to new attacks. In this work, we introduce the immersive hijacking attack, where a remote attacker takes control of a user's interaction with their VR system, by trapping them inside a malicious app that masquerades as the full VR interface. Once trapped, all of the user's interactions with apps, services and other users can be recorded and modified without their knowledge. This not only allows traditional privacy attacks but also introduces new interaction attacks, where two VR users encounter vastly different immersive experiences during their interaction. We present our implementation of the immersive hijacking attack on Meta Quest headsets and conduct IRB-approved user studies that validate its efficacy and stealthiness. Finally, we examine effectiveness and tradeoffs of various potential defenses, and propose a multifaceted defense pipeline.