Virginia Tech Study Uncovers Mixed-Reality System Vulnerabilities
In their most recent study, Virginia Tech researchers have outlined several security threats that might jeopardise mixed-reality systems. The analysis focused on weaknesses that might interfere with vital activities, including the manipulation of virtual objects during collaborative meetings utilising mixed-reality headsets. Twenty people from the institution participated in the study; the majority had little to no experience using mixed reality headsets. In many cases, participants did not know about the assaults and blamed irregularities on latency or technical problems.
The study identified that vulnerabilities in the system could be exploited by malicious actors to alter users’ perceptions of their surroundings, potentially impairing their ability to coordinate during collaborative efforts and leading to possible physical or psychological harm. The research underscored that limited attention has been given to the security weaknesses within extended reality (XR) platforms. Analysts have pointed out that many of these platforms are closed systems, which complicates code evaluation and audit processes.
The research utilised a HoloLens 2 headset—a model that Microsoft discontinued last year—which highlights that some current collaboration platforms may be outdated. Despite the limited number of collaboration tools available for enterprise and defence and the likelihood that many vulnerable tools do not connect to the open internet, experts emphasised the necessity for code evaluations and audits, particularly for government and enterprise applications that require secure operations.
The study also discussed the difficulties users encounter when trying to identify these types of assaults. One type of assault may change one user’s surroundings without harming others, or it might interfere with communication during crucial times, which would hinder teamwork. Additionally mentioned was the potential for a click redirection assault, in which a malevolent actor targets a 3D object in a collaborator’s perspective; the action that results may unintentionally alter another 3D item, leading to mistrust and misunderstanding among team members.
Additional vulnerabilities included an object occlusion attack, which involves placing an invisible barrier on 3D objects to impede remote connection, and a spatial occlusion attack, which disperses this interference across a larger area and blocks contact with several items. These occlusion attacks may lower project productivity since they demand users to approach virtual objects to interact with them.
Furthermore, the researchers demonstrated a latency attack that involved deliberately slowing the network speeds between participants’ headsets, significantly degrading the overall user experience. In response to these findings, the study recommended that users be educated about potential security threats and that system developers adopt security by design. Suggested safety measures included incorporating auditory cues to signal the location of objects and implementing a warning system to identify potential security breaches. Additionally, it was proposed that headset developers introduce user interface modifications—such as toggles and controls that highlight all objects in the environment—to enhance basic 3D view management and overall security.
