Hacking virtual reality (VR) headsets: a new side-channel attack on Meta and HTC devices π₯½β―β―β―πΌπ¨π»βπ»π―
Security researchers Wei Sun, Minghong Fang, and Mengyuan Li present some interesting findings on effective side-channel attacks on VR headsets: from a distance of 2 meters, they were able to reconstruct user activity with 99% accuracy.
The headsets the authors tested are Meta Quest 3 and HTC VIVE XR Elite, and both devices were vulnerable to this new type of attack. An attacker can see (1) which VR app is running and (2) what the user is doing inside the app. Interesting indeed!
More than that, the authors have not tested the maximum possible distance yet, only the possibility of the attack. With a directional antenna and proper amplifiers, the results may be better.
Sounds like new toys have the same old vulnerabilities :) Enjoy the read!
More details:
VReaves: Eavesdropping on Virtual Reality App Identity and Activity via Electromagnetic Side Channels [PDF]: https://arxiv.org/abs/2506.17570


