Publication Details

Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses

VONDRÁČEK, M.; BAGGILI, I.; CASEY, P.; MEKNI, M. Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses. COMPUTERS & SECURITY, 2023, vol. 127, no. 1, p. 1-13. ISSN: 0167-4048.

Czech title

Vzestup malware v systémech virtuální reality a útok typu Man-in-the-Room a obrany

Type

journal article

Language

English

Authors

Vondráček Martin, Ing. (DIFS)
Baggili Ibrahim
CASEY, P.
MEKNI, M.

URL

https://www.sciencedirect.com/science/article/abs/pii/S0167404822003157

Keywords

Emerging technologies, Network-level security and protection, Network
communications, Network Protocols, Protection mechanisms, Quality
analysis and evaluation, System issues, Security and Privacy Protection,
Authentication, Communications Applications, Artificial, augmented, and
virtual realities, Virtual reality, Security and Protection, Invasive
software (viruses, worms, Trojan horses), Unauthorized access (hacking,
phreaking)

Abstract

The allure of the metaverse along with Virtual Reality (VR) technologies
and speed at which they are deployed may shift focus away from security
and privacy fundamentals. In this work we employ classic exploitation
techniques against cutting edge devices to obtain equally novel results.
The unique features of the Virtual Reality landscape set the stage for
our primary account of a new attack, the Man-in-the-Room (MitR). This
attack, realized from a vulnerable social networking application led to
both worming and botnet capabilities being adapted for VR with potential
critical impacts affecting millions of users. Our work improves the
state-of-the-art in VR security and socio-technical research in VR. It
shares several analytical and attacking tools, example exploits,
evaluation dataset, and vulnerability signatures with the scientific and
professional communities to ensure secure VR software development. The
presented results demonstrate the detection and prevention of VR
vulnerabilities, and raise questions in the law and policy domains
pertaining to VR security and privacy.

Published

2023

Pages

1–13

Journal

COMPUTERS & SECURITY, vol. 127, no. 1, ISSN 0167-4048

Book

Computers and Security

DOI

10.1016/j.cose.2022.102923

UT WoS

000927557200001

EID Scopus

2-s2.0-85146740131

BibTeX

@article{BUT188010,
  author="VONDRÁČEK, M. and BAGGILI, I. and CASEY, P. and MEKNI, M.",
  title="Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses",
  journal="COMPUTERS & SECURITY",
  year="2023",
  volume="127",
  number="1",
  pages="1--13",
  doi="10.1016/j.cose.2022.102923",
  issn="0167-4048",
  url="https://www.sciencedirect.com/science/article/abs/pii/S0167404822003157"
}

Files