ThermalTap: Passive Application Fingerprinting in VR Headsets via Thermal Side Channels

TL;DR

ThermalTap demonstrates a passive, non-contact side-channel attack that accurately fingerprints VR applications by analyzing thermal radiation emitted by headsets, revealing significant privacy risks.

Contribution

This work introduces ThermalTap, the first system to passively identify VR applications using thermal side channels without device interaction or software execution.

Findings

Achieves over 90% accuracy indoors with 10 seconds of data

Identifies applications outdoors with up to 81% accuracy

Reveals thermal radiation as a fundamental privacy vulnerability

Abstract

Standalone virtual reality (VR) headsets process highly sensitive personal, professional, and health-related data, yet their susceptibility to non-contact physical side channels remains largely unexplored. Existing side-channel attacks typically require malicious software execution or physical access to peripherals, making them conspicuous and potentially patchable. This paper introduces ThermalTap, the first passive, non-contact side-channel attack that fingerprints VR applications solely from the long-wave infrared (LWIR) radiation emitted by the headset chassis. By treating a headset's thermal signature as a high-fidelity proxy for internal computational workloads, ThermalTap enables remote application inference at meter-scale distances without any device interaction. To achieve robust performance in real-world settings, the system combines a commodity thermal camera with a multi-modal sensor suite (capturing ambient temperature, humidity, and airflow) to normalize environmental noise. We evaluate ThermalTap using six applications across three commercial standalone headsets. In indoor settings, ThermalTap identifies applications with over 90% accuracy using only 10 seconds of thermal camera data. Under outdoor conditions, with longer session-level observations, several applications remain identifiable despite environmental variability, with the strongest outdoor application reaching 81% accuracy. Our findings establish thermal radiation as a fundamental and unavoidable privacy risk for immersive systems, exposing a critical security gap that bypasses current software-level protections and physical access controls.