Researchers have found a security vulnerability in Meta’s VR headset that allows attackers on the same Wifi network to be able to manipulate the headset user’s view. Attackers could create a clone of the headset home screen, and track the user’s actions and record credentials. The vulnerability is accessed by entering developer mode in headsets, which is usually used for debugging purposes. The study revealed that out of 27 participants, only 10 people noticed a slight lag, and only one person flagged it as suspicious activity. Researchers are concerned that this vulnerability attack could become more sophisticated through deepfakes, but for now, because VR use is not widespread, there is still time to build security and defenses.
