Publication Details

Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses

VONDRÁČEK, M.; BAGGILI, I.; CASEY, P.; MEKNI, M. Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses. COMPUTERS & SECURITY, 2023, vol. 127, no. 1, p. 1-13. ISSN: 0167-4048.
Czech title
Vzestup malware v systémech virtuální reality a útok typu Man-in-the-Room a obrany
Type
journal article
Language
English
Authors
Vondráček Martin, Ing. (DIFS)
Baggili Ibrahim (FIT)
CASEY, P.
MEKNI, M.
URL
Keywords

Emerging technologies, Network-level security and protection, Network communications, Network Protocols, Protection mechanisms, Quality analysis and evaluation, System issues, Security and Privacy Protection, Authentication, Communications Applications, Artificial, augmented, and virtual realities, Virtual reality, Security and Protection, Invasive software (viruses, worms, Trojan horses), Unauthorized access (hacking, phreaking)

Abstract

The allure of the metaverse along with Virtual Reality (VR) technologies and speed at which they are deployed may shift focus away from security and privacy fundamentals. In this work we employ classic exploitation techniques against cutting edge devices to obtain equally novel results. The unique features of the Virtual Reality landscape set the stage for our primary account of a new attack, the Man-in-the-Room (MitR). This attack, realized from a vulnerable social networking application led to both worming and botnet capabilities being adapted for VR with potential critical impacts affecting millions of users. Our work improves the state-of-the-art in VR security and socio-technical research in VR. It shares several analytical and attacking tools, example exploits, evaluation dataset, and vulnerability signatures with the scientific and professional communities to ensure secure VR software development. The presented results demonstrate the detection and prevention of VR vulnerabilities, and raise questions in the law and policy domains pertaining to VR security and privacy.

Published
2023
Pages
1–13
Journal
COMPUTERS & SECURITY, vol. 127, no. 1, ISSN 0167-4048
Book
Computers and Security
DOI
UT WoS
000927557200001
EID Scopus
BibTeX
@article{BUT188010,
  author="VONDRÁČEK, M. and BAGGILI, I. and CASEY, P. and MEKNI, M.",
  title="Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses",
  journal="COMPUTERS & SECURITY",
  year="2023",
  volume="127",
  number="1",
  pages="1--13",
  doi="10.1016/j.cose.2022.102923",
  issn="0167-4048",
  url="https://www.sciencedirect.com/science/article/abs/pii/S0167404822003157"
}
Files
Back to top