Publication Details

Immersive Virtual Reality Malware Pandemics and the Man-in-the-Room Attack

VONDRÁČEK, M.; BAGGILI, I.; CASEY, P. Immersive Virtual Reality Malware Pandemics and the Man-in-the-Room Attack. 29th USENIX Security Symposium. Boston, MA, USA: 2020. p. 0-0.
Czech title
Šíření malware v systémech virtuální reality a útok typu Man-in-the-Room
Type
conference paper
Language
English
Authors
Vondráček Martin, Ing. (DIFS)
Baggili Ibrahim (FIT)
CASEY, P.
Keywords

Virtual Reality, Mixed Reality, VR Privacy, Security Analysis, Network Traffic Analysis, Penetration Testing, Reverse Engineering, Application Patching, Forensic Analysis, Responsible Disclosure, Bigscreen, Unity.

Abstract

In this work we present a primary account of the first Virtual Reality (VR) Worm & Botnet and Man-in-the-Room attacks. We explore the applicability of old attacks in a new technological medium and the severity of the impact of these new attacks. We devise our PoC in the context of a widely used VR social application - Bigscreen. Unsurprisingly, our results illustrated a lack of security posture in the tested application, but more importantly, the novelty of the work is grounded in the severity impact of the malicious abuse of Immersive Virtual Reality, and the uniqueness of being virtually in the presence of others without their knowledge or consent. Our work should inspire technical solutions to improve the state-of-the-art in VR security, socio-technical research in VR, and raise questions in the law and policy domains pertaining to VR security and privacy.

Published
2020
Pages
18
Proceedings
29th USENIX Security Symposium
Place
Boston, MA, USA
BibTeX 
@inproceedings{BUT168474,
  author="VONDRÁČEK, M. and BAGGILI, I. and CASEY, P.",
  title="Immersive Virtual Reality Malware Pandemics and the Man-in-the-Room Attack",
  booktitle="29th USENIX Security Symposium",
  year="2020",
  pages="18",
  address="Boston, MA, USA",
  url="https://www.fit.vut.cz/research/publication/12192/"
}
Files
Back to top