Vulnerabilities in Steam VR and VRChat can lead to complete system compromise
Vulnerabilities in virtual reality applications allow hacking computers through chat rooms.
With the help of unknown vulnerabilities, cybercriminals can hack users' computers by simply luring them into the chat rooms of popular virtual reality applications Steam VR or VRChat.
Security researchers Alex Radocea and Philip Pettersson have discovered vulnerabilities in three different virtual reality platforms that could allow attackers to hack into a computer. Problems have been identified in VRChat, the features of the Valve Steam VR virtual home and the open source platform High Fidelity.
“When you are hacked in virtual reality, you literally feel it on yourself. The attacker will gain access to all your senses. He will be able to see with your eyes – there are cameras in the helmet. He can hear with your ears – there are microphones in the helmets. He will be able to project an image onto your retina. He will be able to modify the virtual world at will, ”Petterson explained in a telephone conversation with Motherboard journalists.
According to the researchers, the vulnerability in Steam VR and VRChat is especially dangerous. For its operation, the attacker needs only to embed the exploit into the chat room and invite the victim to it. From now on, he will be able to turn on her microphone and camera, as well as manipulate the content displayed in the helmet.
To make matters worse, an attacker can create a self-propagating worm that infects each visitor of the chat room, as well as invite their friends to the infected chat rooms.
Researchers reported their discovery to manufacturers, and vulnerabilities have been fixed. Nevertheless, the very fact of their existence indicates that manufacturers of virtual reality platforms still have much to do to ensure the safety of their users.