Ethical Hacking of a Virtual Reality Headset / Etisk Hackning av ett par Virtuella Verklighets Glasögon

Höft, Olivia

January 2023

Weak product cybersecurity is an increasing problem within society, and a growing consumer product is the Virtual Reality (VR) headset. This thesis investigated common vulnerabilities in Internet of Things (IoT) consumer products and performed proof-of-concept exploits on the Meta Quest VR headset. The research method employed in this thesis was black-box penetration testing, a method to find possible vulnerabilities in a system. The method was provided by the Penetration Testing Execution Standard (PTES) and the scope was on network-related attacks on the VR headset. The PTES standard included doing a threat model of the Meta Quest VR headset to find possible vulnerabilities within the scope of this thesis. Furthermore, common vulnerabilities were studied and the findings resulted in the conducted attacks on the VR headset. The attacks were tested on an environment that mimics the situation that the target connects to a public Wireless Fidelity (WiFi) that the adversary created. The result showed that the Meta Quest VR headset had security countermeasures against potential threats. However, among the conducted attacks, a (Domain Name System) DNS spoofing attack was successful where it also was concluded that it could result in a Denial of Service (DoS) attack. / Svag cybersäkerhet för produkter är ett ökande problem i samhället, och en växande konsumentprodukt är Virituella Verklighets (VR) glasögon. Den här avhandlingen undersökte vanliga sårbarheter i Sakernas internet (IoT) konsumentprodukter och undersökte om det var möjligt att utnyttja på Meta Quests VR glasögon. Forskningsmetoden som användes i denna avhandling var black-box penetrationstestning, en metod för att hitta möjliga sårbarheter i ett system. Penetrationstestet utfördes enligt The Penetration Testing Execution Standard (PTES) och omfattningen var på nätverksrelaterade attacker på VR-headsetet. PTES-standarden inkluderade att göra en hot modell av Meta Quest VR-headsetet för att hitta möjliga sårbarheter inom omfattningen av denna avhandling. Vidare studerades vanliga sårbarheter och resultatet resulterade i de utförda attackerna mot VR-headsetet. Attackerna testades i en miljö som efterliknar situationen där offret ansluter till ett offentligt nätverk (WiFi) som förövaren skapat. Resultatet visade att Meta Quest VR headsetet hade motståndskraftiga säkerhetsåtgärder mot potentiella hot. Däremot, bland de utförda attackerna, var en Domännamnssystem (DNS) spoofing attack framgångsrik som också påvisade att attacken kunde resultera i en överbelastnings (DoS) attack.

Cyber Security

Ethical Hacking

Penetration Test

Virtual Reality Headset

Cyber Säkerhet

Etisk Hackning

Penetrationstest

Virituella Verklighets Glasögon

Computer and Information Sciences

Data- och informationsvetenskap

Presence through actions : theories, concepts, and implementations

Khan, Muhammad Sikandar Lal

January 2017

During face-to-face meetings, humans use multimodal information, including verbal information, visual information, body language, facial expressions, and other non-verbal gestures. In contrast, during computer-mediated-communication (CMC), humans rely either on mono-modal information such as text-only, voice-only, or video-only or on bi-modal information by using audiovisual modalities such as video teleconferencing. Psychologically, the difference between the two lies in the level of the subjective experience of presence, where people perceive a reduced feeling of presence in the case of CMC. Despite the current advancements in CMC, it is still far from face-to-face communication, especially in terms of the experience of presence. This thesis aims to introduce new concepts, theories, and technologies for presence design where the core is actions for creating presence. Thus, the contribution of the thesis can be divided into a technical contribution and a knowledge contribution. Technically, this thesis details novel technologies for improving presence experience during mediated communication (video teleconferencing). The proposed technologies include action robots (including a telepresence mechatronic robot (TEBoT) and a face robot), embodied control techniques (head orientation modeling and virtual reality headset based collaboration), and face reconstruction/retrieval algorithms. The introduced technologies enable action possibilities and embodied interactions that improve the presence experience between the distantly located participants. The novel setups were put into real experimental scenarios, and the well-known social, spatial, and gaze related problems were analyzed. The developed technologies and the results of the experiments led to the knowledge contribution of this thesis. In terms of knowledge contribution, this thesis presents a more general theoretical conceptual framework for mediated communication technologies. This conceptual framework can guide telepresence researchers toward the development of appropriate technologies for mediated communication applications. Furthermore, this thesis also presents a novel strong concept – presence through actions - that brings in philosophical understandings for developing presence- related technologies. The strong concept - presence through actions is an intermediate-level knowledge that proposes a new way of creating and developing future 'presence artifacts'. Presence- through actions is an action-oriented phenomenological approach to presence that differs from traditional immersive presence approaches that are based (implicitly) on rationalist, internalist views.

Presence

Immersion

Computer mediated communication

Strong concept

Phenomenology

Philosophy

Biologically inspired system

Neck robot

Head pose estimation

Embodied interaction

Virtual reality headset

Social presence

Spatial presence

Face reconstruction/retrieval

Telepresence system

Quality of interaction

Embodied telepresence system

Mona-Lisa gaze effect

eye-contact

Elektroteknik och elektronik

Computer Systems

Datorsystem

Communication Systems

Kommunikationssystem

Signal Processing

Signalbehandling