VReaves: Eavesdropping on Virtual Reality App Identity and Activity via Electromagnetic Side Channels

TL;DR

This paper introduces VReaves, a system that exploits electromagnetic emanations from VR headsets to identify applications and activities, revealing a new physical security vulnerability in VR devices.

Contribution

It is the first to analyze electromagnetic side channels in VR headsets for app and activity identification, combining signal processing and machine learning techniques.

Findings

High accuracy in VR app identification

Effective activity recognition from electromagnetic signals

Potential security risks in VR hardware

Abstract

Virtual reality (VR) has recently proliferated significantly, consisting of headsets or head-mounted displays (HMDs) and hand controllers for an embodied and immersive experience. The VR device is usually embedded with different kinds of IoT sensors, such as cameras, microphones, communication sensors, etc. However, VR security has not been scrutinized from a physical hardware point of view, especially electromagnetic emanations (EM) that are automatically and unintentionally emitted from the VR headset. This paper presents VReaves, a system that can eavesdrop on the electromagnetic emanation side channel of a VR headset for VR app identification and activity recognition. To do so, we first characterize the electromagnetic emanations from the embedded IoT sensors (e.g., cameras and microphones) in the VR headset through a signal processing pipeline and further propose machine learning models to identify the VR app and recognize the VR app activities. Our experimental evaluation with commercial off-the-shelf VR devices demonstrates the efficiency of VR app identification and activity recognition via electromagnetic emanation side channel.