Publication Details
Immersive Virtual Reality Malware Pandemics and the Man-in-the-Room Attack
Virtual Reality, Mixed Reality, VR Privacy, Security Analysis, Network Traffic Analysis, Penetration Testing, Reverse Engineering, Application Patching, Forensic Analysis, Responsible Disclosure, Bigscreen, Unity.
In this work we present a primary account of the first Virtual Reality (VR) Botnet, worm and Man-in-the-Room attacks. We explore the applicability of old attacks in a new technological medium and the severity of the impact of these new attacks. We devise our proof-of-concept in the context of a widely used VR social application -- Bigscreen. Unsurprisingly, our results illustrated a lack of security posture in the tested application, but more importantly, the novelty of the work is grounded in the severity impact of the malicious abuse of Immersive Virtual Reality, and the uniqueness of being virtually in the presence of others without their knowledge or consent. Our work should inspire technical solutions to improve the state-of-the-art in VR security, socio-behavioral research in VR, and raise questions in the law and policy domains pertaining to VR security and privacy.
@inproceedings{BUT168472,
author="VONDRÁČEK, M. and BAGGILI, I. and CASEY, P.",
title="Immersive Virtual Reality Malware Pandemics and the Man-in-the-Room Attack",
booktitle="2020 IEEE Symposium on Security and Privacy (SP)",
year="2020",
publisher="IEEE Computer Society",
address="San Francisco, CA",
isbn="978-1-5386-6660-9",
url="https://www.fit.vut.cz/research/publication/12130/"
}