Virtual Reality and Augmented Reality Security: A Reconnaissance and Vulnerability Assessment Approach

TL;DR

This paper systematically reviews security vulnerabilities in AR and VR devices, focusing on reconnaissance and vulnerability assessment phases, revealing specific attack vectors and emphasizing the importance of early penetration testing steps.

Contribution

It provides a comprehensive analysis of device-specific vulnerabilities in AR and VR systems during reconnaissance and assessment phases, aiding security research and mitigation strategies.

Findings

AR/VR devices are susceptible to remote code execution, XSS, and eavesdropping.

Bigscreen VR exhibits severe vulnerabilities like RCE and XSS.

Oculus Quest is vulnerable to side-channel attacks and ransomware.

Abstract

Various industries have widely adopted Virtual Reality (VR) and Augmented Reality (AR) technologies to enhance productivity and user experiences. However, their integration introduces significant security challenges. This systematic literature review focuses on identifying devices used in AR and VR technologies and specifies the associated vulnerabilities, particularly during the reconnaissance phase and vulnerability assessment, which are critical steps in penetration testing. Following Kitchenham and Charters' guidelines, we systematically selected and analyzed primary studies. The reconnaissance phase involves gathering detailed information about AR and VR systems to identify potential attack vectors. In the vulnerability assessment phase, these vectors are analyzed to pinpoint weaknesses that malicious actors could exploit. Our findings reveal that AR and VR devices, such as headsets (e.g., HTC Vive, Oculus Quest), development platforms (e.g., Unity Framework, Google Cardboard SDK), and applications (e.g., Bigscreen VR, VRChat), are susceptible to various attacks, including remote code execution, cross-site scripting (XSS), eavesdropping, and man-in-the-room attacks. Specifically, the Bigscreen VR application exhibited severe vulnerabilities like remote code execution (RCE) via the 'Application.OpenURL' API, XSS in user inputs, and botnet propagation. Similarly, the Oculus Quest demonstrated susceptibility to side-channel attacks and ransomware. This paper provides a detailed overview of specific device vulnerabilities and emphasizes the importance of the initial steps in penetration testing to identify security weaknesses in AR and VR systems. By highlighting these vulnerabilities, we aim to assist researchers in exploring and mitigating these security challenges, ensuring the safe deployment and use of AR and VR technologies across various sectors.