University of New Haven Researchers Discover Critical Vulnerabilities in Popular Virtual Reality Application

Using Bigscreen, a popular virtual reality application, researchers at the University of New Haven were able to listen to users' conversations and access their computers without their knowledge

WEST HAVEN, Conn., Feb. 20, 2019 — (PRNewswire) —  A team of researchers at the University of New Haven discovered that Bigscreen, a well-known and popular virtual reality (VR) application, and Unity, the game development platform BigScreen is built on, are vulnerable to hackers. Bigscreen, which describes itself as a "virtual living room," enables users to watch movies, collaborate on projects together and more.

Without users' knowledge and consent – and without tricking users into downloading software or granting access to the computer – University of New Haven researchers were able to:

  • Turn on user microphones and listen to private conversations
  • Join any VR room including private rooms
  • Create a replicating worm that infects users as soon as they enter a room with other VR users
  • View user computer screens in real time
  • Send messages on a user's behalf
  • Download and run programs – including malware – onto user computers
  • Join users in VR while remaining invisible. This novel attack was termed as a Man-In-The-Room (MITR) attack.
  • Phish users into downloading fake VR drivers

Click here to view a YouTube proof of concept video summarizing and demonstrating the findings.

"Our research shows hackers are able to monitor people day in and day out – listen to what they are saying and see how they are interacting in virtual reality," said Ibrahim Baggili, founder and co-director of the University of New Haven Cyber Forensics Research and Education Group ( https://www.unhcfreg.com). "They can't see you, they can't hear you, but the hacker can hear and see them, like an invisible Peeping Tom. A different layer of privacy has been invaded."

Baggili and his team presented the research findings to Bigscreen and Unity. Bigscreen CEO and Founder Darshan Shankar said Feb. 14 the company has patched the issues. Unity recently added language to its website warning users the platform can be "used to of."

Baggili and his team have not performed tests to determine if vulnerabilities still exist.

The researchers - Baggili, Elder Family Endowed Chair of Computer Science and Cybersecurity and an internationally recognized expert in cybersecurity and digital forensics; master's student Peter Casey; and Martin Vondráček, visiting master's student from Brno University of Technology, recently uncovered the technology vulnerabilities while testing the security of VR systems through a National Science Foundation-funded project. Martin Vondráček then wrapped up the research into a command and control tool to show the severity of the findings. For disclosure details, go to the University of New Haven Forensic Sciences Research & Education Group website: https://www.unhcfreg.com/.

According to Bigscreen, users log up to 20-30 hours a week using the system, with some logging over 1000 hours. TechCrunch reported in 2017 the company had 150,000 users.

Baggili and Casey have uncovered susceptibilities in other popular virtual reality systems – including HTC Vive and Oculus Rift – revealing that hackers could alter the experience of users. Several years ago, Baggili and his team uncovered liabilities in the messaging apps WhatsApp, Viber and others that affected more than 1.5 billion users, garnering significant international media coverage.

About the University of New Haven

The University of New Haven, founded on the Yale campus in 1920, is a private, coeducational university situated on the coast of southern New England. It's a diverse and vibrant community of more than 7,000 students with campuses around the country and around the world. 

Within its colleges and schools, students immerse themselves in a transformative, career-focused education across the liberal arts and sciences, fine arts, business, engineering, public safety and public service. More than 100 academic programs are offered, all grounded in a long-standing commitment to collaborative, interdisciplinary, project-based learning.

 

 

Cision View original content to download multimedia: http://www.prnewswire.com/news-releases/university-of-new-haven-researchers-discover-critical-vulnerabilities-in-popular-virtual-reality-application-300798914.html

SOURCE University of New Haven

Contact:
Company Name: University of New Haven
Name: Karin Meadows, Mobile: 240-888-8359, Office: 202-518-6496, Email: Email Contact
Web: http://www.newhaven.edu


Featured Video
Jobs
Currently No Featured Jobs
Upcoming Events
Consumer Electronics Show 2025 - CES 2025 at Las Vegas Convention Center NV - Jan 7 - 10, 2025
ESD Alliance "Savage on Security” Webinar at United States - Jan 23, 2025
SEMICON Korea 2025 at Hall A, B, C, D, E, GrandBallroom, PLATZ, COEX, Seoul Korea (South) - Feb 19 - 21, 2025
DVCon U.S. 2025 at United States - Feb 24 - 27, 2025



© 2024 Internet Business Systems, Inc.
670 Aberdeen Way, Milpitas, CA 95035
+1 (408) 882-6554 — Contact Us, or visit our other sites:
AECCafe - Architectural Design and Engineering TechJobsCafe - Technical Jobs and Resumes GISCafe - Geographical Information Services  MCADCafe - Mechanical Design and Engineering ShareCG - Share Computer Graphic (CG) Animation, 3D Art and 3D Models
  Privacy PolicyAdvertise