English

Inception Attacks: Immersive Hijacking in Virtual Reality Systems

Cryptography and Security 2024-09-11 v2

Abstract

Today's virtual reality (VR) systems provide immersive interactions that seamlessly connect users with online services and one another. However, these immersive interfaces also introduce new vulnerabilities, making it easier for users to fall prey to new attacks. In this work, we introduce the immersive hijacking attack, where a remote attacker takes control of a user's interaction with their VR system, by trapping them inside a malicious app that masquerades as the full VR interface. Once trapped, all of the user's interactions with apps, services and other users can be recorded and modified without their knowledge. This not only allows traditional privacy attacks but also introduces new interaction attacks, where two VR users encounter vastly different immersive experiences during their interaction. We present our implementation of the immersive hijacking attack on Meta Quest headsets and conduct IRB-approved user studies that validate its efficacy and stealthiness. Finally, we examine effectiveness and tradeoffs of various potential defenses, and propose a multifaceted defense pipeline.

Keywords

Cite

@article{arxiv.2403.05721,
  title  = {Inception Attacks: Immersive Hijacking in Virtual Reality Systems},
  author = {Zhuolin Yang and Cathy Yuanchen Li and Arman Bhalla and Ben Y. Zhao and Haitao Zheng},
  journal= {arXiv preprint arXiv:2403.05721},
  year   = {2024}
}

Comments

13 pages

R2 v1 2026-06-28T15:14:13.534Z