Virtual reality: Oculus Rift and HTC Vive Hacked

American researchers have demonstrated that it is possible to take control of a virtual reality headset using malware and alter the content that the user sees.

Is it possible to hack into a virtual reality headset and modify visual cues to the point of causing the user to bump into walls or other surrounding obstacles? The answer is yes, at least according to the conclusions of a team of researchers at the University of New Haven in Connecticut (United States) who tested the defenses of the two best-known models: the Oculus Rift (Facebook) and the HTC Vive.

These two virtual reality headsets were infected by malware propagated on the computer to which they were connected via an e-mail bomb.” They (the Oculus Rift and HTC Vive, NDRL helmets) were designed with little regard for safety and relied completely on the safety of the operating system and the user,” says one of the researchers.

Virtual borders manipulated

The attack that served as proof of concept for this work was conducted by targeting the OpenVR development kit used by the video game streaming platform Steam. Researchers have thus discovered unencrypted access to cameras, screens and virtual helmet border systems. These are used to prevent the user from hitting physical obstacles in the location.

In one of the demonstrations, the attackers managed to change these boundaries to get a player across the room while in the game he thought he was still. The attack succeeded in distorting the practical barriers of the Vive helmet, but not those of the Oculus. This study has been the subject of a previously published scientific article, while a second is currently being peer-reviewed. These papers will be presented next month at the IEEE Symposium on Security and Privacy.