
Remote Keylogging Attacks in Multi-user VR Applications (2405.14036v2)

Published 22 May 2024 in cs.CR

Abstract: As Virtual Reality (VR) applications grow in popularity, they have bridged distances and brought users closer together. However, with this growth, there have been increasing concerns about security and privacy, especially related to the motion data used to create immersive experiences. In this study, we highlight a significant security threat in multi-user VR applications, which are applications that allow multiple users to interact with each other in the same virtual space. Specifically, we propose a remote attack that utilizes the avatar rendering information collected from an adversary's game clients to extract user-typed secrets like credit card information, passwords, or private conversations. We do this by (1) extracting motion data from network packets, and (2) mapping motion data to keystroke entries. We conducted a user study to verify the attack's effectiveness, in which our attack successfully inferred 97.62% of the keystrokes. Besides, we performed an additional experiment to underline that our attack is practical, confirming its effectiveness even when (1) there are multiple users in a room, and (2) the attacker cannot see the victims. Moreover, we replicated our proposed attack on four applications to demonstrate the generalizability of the attack. Lastly, we proposed a defense against the attack, which has been implemented by major players in the VR industry. These results underscore the severity of the vulnerability and its potential impact on millions of VR social platform users.

Authors (9)
  1. Zihao Su
  2. Kunlin Cai
  3. Reuben Beeler
  4. Lukas Dresel
  5. Allan Garcia
  6. Ilya Grishchenko
  7. Yuan Tian
  8. Christopher Kruegel
  9. Giovanni Vigna