Just stop doing everything for now!: Understanding security attacks in remote collaborative mixed reality

TL;DR

This paper investigates security vulnerabilities in remote collaborative mixed reality environments, revealing user awareness gaps and emphasizing the need for improved training and security measures to protect immersive MR systems.

Contribution

It introduces a set of MR-specific security attacks, evaluates user responses through a user study, and highlights the importance of user training and security enhancements.

Findings

Users have lower recognition rates for immersive attacks.

Traditional attack responses are more effective than MR-specific ones.

Security awareness gaps exist in remote MR collaboration.

Abstract

Mixed Reality (MR) devices are being increasingly adopted across a wide range of real-world applications, ranging from education and healthcare to remote work and entertainment. However, the unique immersive features of MR devices, such as 3D spatial interactions and the encapsulation of virtual objects by invisible elements, introduce new vulnerabilities leading to interaction obstruction and misdirection. We implemented latency, click redirection, object occlusion, and spatial occlusion attacks within a remote collaborative MR platform using the Microsoft HoloLens 2 and evaluated user behavior and mitigations through a user study. We compared responses to MR-specific attacks, which exploit the unique characteristics of remote collaborative immersive environments, and traditional security attacks implemented in MR. Our findings indicate that users generally exhibit lower recognition rates for immersive attacks (e.g., spatial occlusion) compared to attacks inspired by traditional ones (e.g., click redirection). Our results demonstrate a clear gap in user awareness and responses when collaborating remotely in MR environments. Our findings emphasize the importance of training users to recognize potential threats and enhanced security measures to maintain trust in remote collaborative MR systems.