Rise of the Metaverse's Immersive Virtual Reality Malware and the Man-in-the-Room Attack & Defenses

• https://www.sciencedirect.com/science/article/abs/pii/S0167404822003157

Emerging technologies, Network-level security and protection, Network communications, Network Protocols, Protection mechanisms, Quality analysis and evaluation, System issues, Security and Privacy Protection, Authentication, Communications Applications, Artificial, augmented, and virtual realities, Virtual reality, Security and Protection, Invasive software (viruses, worms, Trojan horses), Unauthorized access (hacking, phreaking)

The allure of the metaverse along with Virtual Reality (VR) technologies and speed at which they are deployed may shift focus away from security and privacy fundamentals. In this work we employ classic exploitation techniques against cutting edge devices to obtain equally novel results. The unique features of the Virtual Reality landscape set the stage for our primary account of a new attack, the Man-in-the-Room (MitR). This attack, realized from a vulnerable social networking application led to both worming and botnet capabilities being adapted for VR with potential critical impacts affecting millions of users. Our work improves the state-of-the-art in VR security and socio-technical research in VR. It shares several analytical and attacking tools, example exploits, evaluation dataset, and vulnerability signatures with the scientific and professional communities to ensure secure VR software development. The presented results demonstrate the detection and prevention of VR vulnerabilities, and raise questions in the law and policy domains pertaining to VR security and privacy.