🚨 Meta VR headsets are vulnerable to a security attack that can trap users in a fake virtual reality environment, allowing attackers to spy on and manipulate users’ interactions.
🕵️ The “inception attack” involves creating a malicious VR application that mimics the original VR system, tricking users into thinking they are interacting normally.
💻 Researchers were able to clone VR applications like the Meta Quest Browser and VRChat, enabling them to spy on users’ sensitive information and manipulate data displayed to users.
😮 In a study with 27 participants, only a third noticed the glitch when their VR session was hijacked, and all but one assumed it was a normal performance issue.
🔐 The attack requires the headset to be in developer mode and connected to the same WiFi network as the attackers, highlighting potential security risks in Meta’s VR ecosystem.