VR headsets could be hacked in "Inception-esque" attacks — with attackers able to steal your data without you even noticing

As per the paper, hackers could, in theory, insert what they call an “Inception Layer” between the VR Home Screen and the VR User/Server. For example, the victim could open their banking app in virtual reality, and see their usual balance, while being completely bankrupt in reality. The hackers could also, potentially, trick the victim into initiating a wire transfer, while being completely oblivious to what’s actually going on.

VR phishing

Things can get even more crazy when you throw in generative AI, deepfakes, and other upcoming technology. People could end up thinking they were talking with their friends, coworkers, and bosses, in VR, while being taken for all they have, in the background.

While the threats sound ominous, it’s important to note that the researchers didn’t really explore the possibility of compromising these VR headsets. Whether or not they have a vulnerability that could be exploited this way is unknown at the time. What’s more, there is no proof-of-concept, no malware that could be able to pull such an attack off. 

Instead, the researchers were just interested in whether or not people would notice anything was amiss if such an infection did occur.

In total, 27 people were tested to see if they would notice anything strange during their session of Beat Saber. The only visual clue was a little flickering on the home screen before playing the game. In total, 10 people noticed the change, nine of which attributed it to an innocuous system glitch.

In other words, prepare to read about elaborate phishing scams in the metaverse.

Via Tom’s Hardware

More from TechRadar Pro

• Deepfake threats are on the rise - new research shows worrying rise in dangerous new scams
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now