Meta's VR headsets are supposedly vulnerable to hacking exploits that can leave affected users trapped in a "malicious" VR environment, a new research study claimed.
A team of researchers from the University of Chicago noted how hackers can use Meta's Quest VR system to launch "inception attacks" on vulnerable users to steal sensitive information.
'Inception Attack' on VR Headsets: How Does it Work?
This can supposedly be done by exploiting a loophole in the headset's "developer mode" to install malware to their headset or gain access to the user's home screen, display and audio stream, as well as browsing activity.
With a little help from AI generation and phishing scams, cybercriminals can steal sensitive login credentials and online banking activities.
The use of a fake VR environment is done so that bad actors can steal information through the device while the unsuspecting victim is trying to exit the spoofed simulation.
However, the exploit can only be done if the hacker also has the same access to the user's Wi-Fi network.
As of its publication, no reports of the so-called "inception attacks" were made.
It is worth noting that the study is yet to be peer-reviewed. It was first reported by the MIT Tech Review.
Meta told Tech Review that it is already working with academic researchers "as part of our bug bounty program and other initiatives."
The study was published as Meta CEO Mark Zuckerberg beefs up against the Apple Vision Pro, insisting that his Quest 3 is "better."
AI-Powered Cyberattacks Continue to Increase
The University of Chicago follows the growing trend of incorporating AI tools in hacking and online scam operations as the technology becomes more readily available to the public.
Several tech firms, including OpenAI and Microsoft, have determined that hackers are using their AI technology to automate their operations in the US, particularly in healthcare institutions and federal agencies.
It does not help that Meta has been noted before for failing to immediately respond with hacking reports.