Publication Details

Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses

VONDRÁČEK, M.; BAGGILI, I.; CASEY, P.; MEKNI, M. Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses. COMPUTERS & SECURITY, 2023, vol. 127, no. 1, p. 1-13. ISSN: 0167-4048.

Czech title

Vzestup malware v systémech virtuální reality a útok typu Man-in-the-Room a obrany

Type

journal article

Language

English

Authors

Vondráček Martin, Ing. (DIFS)
Baggili Ibrahim
CASEY, P.
MEKNI, M.

URL

https://www.sciencedirect.com/science/article/abs/pii/S0167404822003157

Keywords

Emerging technologies, Network-level security and protection, Network
communications, Network Protocols, Protection mechanisms, Quality analysis and
evaluation, System issues, Security and Privacy Protection, Authentication,
Communications Applications, Artificial, augmented, and virtual realities,
Virtual reality, Security and Protection, Invasive software (viruses, worms,
Trojan horses), Unauthorized access (hacking, phreaking)

Abstract

The allure of the metaverse along with Virtual Reality (VR) technologies and
speed at which they are deployed may shift focus away from security and privacy
fundamentals. In this work we employ classic exploitation techniques against
cutting edge devices to obtain equally novel results. The unique features of the
Virtual Reality landscape set the stage for our primary account of a new attack,
the Man-in-the-Room (MitR). This attack, realized from a vulnerable social
networking application led to both worming and botnet capabilities being adapted
for VR with potential critical impacts affecting millions of users. Our work
improves the state-of-the-art in VR security and socio-technical research in VR.
It shares several analytical and attacking tools, example exploits, evaluation
dataset, and vulnerability signatures with the scientific and professional
communities to ensure secure VR software development. The presented results
demonstrate the detection and prevention of VR vulnerabilities, and raise
questions in the law and policy domains pertaining to VR security and privacy.

Published

2023

Pages

1–13

Journal

COMPUTERS & SECURITY, vol. 127, no. 1, ISSN 0167-4048

Book

Computers and Security

DOI

10.1016/j.cose.2022.102923

UT WoS

000927557200001

EID Scopus

2-s2.0-85146740131

BibTeX

@article{BUT188010,
  author="VONDRÁČEK, M. and BAGGILI, I. and CASEY, P. and MEKNI, M.",
  title="Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses",
  journal="COMPUTERS & SECURITY",
  year="2023",
  volume="127",
  number="1",
  pages="1--13",
  doi="10.1016/j.cose.2022.102923",
  issn="0167-4048",
  url="https://www.sciencedirect.com/science/article/abs/pii/S0167404822003157"
}

Files