In Christopher Nolan's film "Inception," Leonardo DiCaprio, also known as "Little Li," plays a character who can enter the dreams of their targets, steal information, and insert false details into their subconscious.
Now, we are witnessing a similar attack method in the real world. Researchers at the University of Chicago have discovered a new attack method targeting virtual reality (VR) devices and have named it the "Inception Attack."
They found a security vulnerability in Meta's Quest VR system that hackers can use to hijack users' head-mounted devices, steal sensitive information, and manipulate their social interactions with the help of generative artificial intelligence.
The attack has not yet been abused. The threshold for executing the attack is high because it requires hackers to access the Wi-Fi network connected to the virtual reality device.
However, it is very deceptive, and those who are attacked are easily susceptible to phishing, fraud, and sexual inducement.
In the attack, hackers created an application that injects malicious code into the Meta Quest VR system, and then launched a cloned version of the system's main interface, which looks exactly the same as the user's set interface, with the same application icons.
Once the malicious application is launched, attackers can see, record, and modify everything the user does with the head-mounted device.
This includes tracking voice, gestures, button presses, browsing activities, and even the user's social interactions. Attackers can even modify the messages the user sends to others. This research was exclusively shared with MIT Technology Review and is pending peer review.
A spokesperson for Meta said that the company plans to assess these findings: "We are always collaborating with academic researchers as part of our bug bounty program and other initiatives."
In recent years, virtual reality devices have become more and more popular, but the progress of security research lags behind product development. We currently lack defenses against virtual reality attacks. More importantly, the immersive nature of virtual reality makes it even harder for people to realize they have fallen into a trap.
Heather Zheng, a computer science professor at the University of Chicago who led this research, said: "It is shocking how vulnerable today's virtual reality systems are."
Invisible Attacks
"Inception attacks" exploit a vulnerability in the Meta Quest device. Users must enable "developer mode" to download third-party applications, adjust headset resolution, or take screenshots, but if an attacker is connected to the same Wi-Fi network, they can access the device through developer mode.
The original intention of developer mode is to provide remote access rights for debugging personnel. However, attackers may maliciously exploit this access method to view what the user's main interface looks like and which applications are installed.
If an attacker can get hold of the device, or if the user downloads an application containing malware, the attacker can also carry out an attack. With this information, the attacker can replicate the user's main interface and applications.
An attacker can stealthily install an application that has been implanted with "Inception attack" code. When the unsuspecting user exits the application and returns to the main interface, the attack is activated, hijacking the virtual reality device.
This attack can also capture the user's display and audio streams, which can be transmitted to the attacker in real time.
In this way, researchers were able to see the account passwords that the user entered on the bank's website. They were also able to manipulate the user's interface to display incorrect balances.
When a user attempts to make a payment of 1 US dollar through a head-mounted device, researchers were able to change the amount to 5 US dollars without the user's awareness. This is because attackers can control what the user sees in the system and what the device emits.
The example of a bank transfer is particularly striking, according to Jiasi Chen, an associate professor of computer science at the University of Michigan, USA.
She mainly researches virtual reality but did not participate in this study. She added that such an attack could be combined with other malicious methods, such as tricking people into clicking on suspicious links.
The "Inception attack" can also be used to manipulate social interactions in virtual reality. Researchers cloned the VRChat application of Meta Quest, which allows users to communicate and interact with each other, each with their own virtual avatar. Researchers can intercept messages sent by people and arbitrarily tamper with the content of the messages.
Zheng said that generative artificial intelligence may make this threat worse, as attackers can use it to clone people's voices in real-time and generate deepfake images. Attackers can use these false images to manipulate people's behavior and interactions in the virtual reality world.
Distorted Reality
To test whether people could be deceived by "Inception attacks," Zheng's team recruited 27 volunteers familiar with virtual reality technology.
Participants were asked to use some applications, such as a game called Beat Saber, where players can control lightsabers to hit musical rhythm notes flying towards them.
They were told that the study aimed to investigate their experience using virtual reality applications. Unbeknownst to them, researchers launched attacks on the volunteers' devices.
The vast majority of participants did not harbor the slightest suspicion. Among the 27 individuals, only 10 noticed a minor "glitch" at the onset of the attack, but most of them believed it to be a normal delay issue. Only one person flagged some suspicious activity.
Zheng stated that once you enter the virtual reality world, you cannot verify what you see, and the immersive nature of this technology makes people trust it even more.
Franzi Roesner, an associate professor of computer science at the University of Washington, said that this could make such attacks particularly potent. She primarily researches security and privacy but did not participate in this study.
The team found that the best defense is to restore the device to its factory settings to remove the application.
Ben Zhao, a professor of computer science at the University of Chicago and a member of the research team, said that "Inception attacks" provide hackers with many different methods to infiltrate virtual reality systems and manipulate users.
He stated, however, that due to the still limited adoption of virtual reality, we have time to develop more robust defense systems before these devices become more widespread.