VR Chat Rooms Had been Hacked by The Hackers – Took Management Over Consumer Actuality
Taking advantage of unknown security vulnerabilities, hackers may have hacked into people’s computers by simply adding them to a chat room within the popular virtual reality applications Steam VR and VRChat.
Security researchers Alex Radocea and Philip Pettersson discovered vulnerabilities in three completely different virtual reality platforms that may have allowed hackers to take over the target’s computer, according to the researchers in a presentation at the Recon Hacking Conference in Montreal last week had defined. The vulnerabilities were VRChat, the virtual home feature of Valve’s Steam VR, and High Fidelity, an open source virtual reality platform.
The researchers said they reported the vulnerabilities to VR developers, which fixed them. However, these flaws mean that VR makers have a lot of work to do to keep their customers safe.
Petterson and Radocea mentioned that the VRChat and Steam VR vulnerabilities were particularly dangerous.
By embedding an exploit in a chat room, a hacker simply had to invite individuals to take over their computer systems. At this point, the hacker can activate their webcams, microphones, or whatever they see in their VR headset. Hackers may even have turned this into a worm, self-propagating VR malware that infected anyone who entered a chat room. After that, they invited all of their staff to open the malicious chat room – and likely reached out to any VRChat or Steam VR user, similar to the infamous MySpace worm that did it in 2005.
The researchers made a demo video showing what such a hack might look like.
VRChat, Valve, and High Fidelity didn’t immediately respond to a request for comment.