'Inception attacks' on Meta VR headsets can trap users in a fake VR environment, researchers found

Credit: Official GDC

Researchers have exposed a potentially major security vulnerability with Meta's virtual reality headsets, according to a new study.

A team of researchers from the University of Chicago said figured out a way to hack into Meta Quest headsets without the user knowing, allowing them to control the user's VR environment, steal information, and even manipulate interactions between users.

Researchers called the strategy an "inception attack," which they defined as "an attack where the attacker controls and manipulates the user's interaction with their VR environment, by trapping the user inside a single, malicious VR application that masquerades as the full VR system."