False Reality: Uncovering Sensor-induced Human-VR Interaction Vulnerability

TL;DR

This paper uncovers a new physical attack method called False Reality that manipulates VR sensor data to influence user perception and actions without software access, highlighting security vulnerabilities in VR systems.

Contribution

It introduces a systematic analysis and formal framework for physical sensor-based attacks on VR, along with experimental validation and a prototype defense mechanism.

Findings

Validated attack pathways on five VR devices

Demonstrated manipulation of user perception and actions

Proposed an effective defense prototype

Abstract

Virtual Reality (VR) techniques, serving as the bridge between the real and virtual worlds, have boomed and are widely used in manufacturing, remote healthcare, gaming, etc. Specifically, VR systems offer users immersive experiences that include both perceptions and actions. Various studies have demonstrated that attackers can manipulate VR software to influence users' interactions, including perception and actions. However, such attacks typically require strong access and specialized expertise. In this paper, we are the first to present a systematic analysis of physical attacks against VR systems and introduce False Reality, a new attack threat to VR devices without requiring access to or modification of their software. False Reality disturbs VR system services by tampering with sensor measurements, and further spoofing users' perception even inducing harmful actions, e.g., inducing dizziness or causing users to crash into obstacles, by exploiting perceptual and psychological effects. We formalize these threats through an attack pathway framework and validate three representative pathways via physical experiments and user studies on five commercial VR devices. Finally, we further propose a defense prototype to mitigate such threats. Our findings shall provide valuable insights for enhancing the security and resilience of future VR systems.