Virtual reality devices allow us to immerse ourselves like never before in entertainment such as video games or movies. The advancement of technology has allowed us to enjoy these devices from our homes, sitting comfortably. But of course, like any self-respecting advanced device, it has its dark side, and vulnerabilities can be found.
Several models of Virtual Reality headsets, from brands such as Meta, HTC and PlayStation, have cybersecurity vulnerabilities that expose their users to privacy issues and cyber attacks when using voice commands. This has been discovered by researchers from Rutgers University-New Brunswick, in the United States, who have published their study 'Face-Mic', in which they have analyzed the security functions surrounding voice commands in headsets.
Apparently, a flaw in the function could pose a privacy problem for users, as well as expose them to possible cyber attacks. Now, how do cybercriminals manage to break into systems? Let's see it. A vulnerability was discovered in several Virtual Reality devices.
Due to the presence of different motion sensors in these devices, cybercriminals can detect small facial movements associated with speech to access the content of voice commands. Researchers have demonstrated the existence of vulnerabilities from an attack known as 'eavesdropping', that is, in which the attacker secretly listens to the victim.
The researchers have studied three types of vibrations that these types of devices usually pick up, including facial movements, vibrations in the air and bone vibrations, that is, through the bones. The latter, in particular, allows knowing the user's gender, identity and speech information. It is an attack that affects both high-end viewers and those made of cardboard, and that allows this information to filter ...
That being said, what if we were the victims of an attack on our VR device? The discovered vulnerability could give access to very important user data. The most notable are: account passwords, phone numbers or credit card numbers. The study aims to increase visibility into the security issues surrounding these complex devices. Of course, it is not intended to scare users, but rather to raise awareness of the dangers that can be run. Being entertainment devices, we can think of them as toys when in fact they are not.