Novel attacks against VR applications delivered over the internet : Gathering information about a virtual reality user / Nya attacker mot VR applikationer över internet

Stolpe Östman, Oscar, Samuelsson, Gunnar

January 2023

Virtual reality systems are increasing in popularity and are being applied to new areas as time moves on. Gaming and entertainment however still remain the most frequent implementation of virtual reality systems. Many applications are delivered over the internet which exposes a system to a number of security threats. This thesis investigates what methods an attacker potentially could use in an attempt to gain knowledge about a virtual reality user, with emphasis on reading user movements. A dedicated testbed is constructed in an attempt to compromise the users integrity based on the raw packet data sent over the network. Our findings indicate that the testbed in theory should be able to identify user actions. Further work is however needed in order to make it useful in an uncontrolled environment. Other methods show promising results, indicating that an attacker could learn what games a user is playing in an application like VRchat. These other methods did however not show indications of being able to reveal information about user movements.

Virtual reality

Fingerprinting attack

VR-security

Other Computer and Information Science

Annan data- och informationsvetenskap