Some of your fictional buddies and adversaries are there in the Bigscreen lobby – Bob, Alice, Mallory, and Trudy. The latter, an attacker, is running a C&C server capable of controlling victims’ computers and eavesdropping on private rooms.
I highly recommend watching the man-in-the-room attack proof of concept, as it shows the researchers’ software automating the attack process. In addition to the flaws allowing an attacker to turn on a victim’s microphone and listen in on private conversations, the vulnerabilities also allowed “a self-replicating worm to spread across the Bigscreen community by infecting the lobby and users.”
“A different layer of privacy has been invaded.” “They can’t see you, they can’t hear you, but the hacker can hear and see them, like an invisible Peeping Tom.” “Our research shows hackers are able to monitor people day in and day out – listen to what they are saying and see how they are interacting in virtual reality,” said Baggili, founder and co-director of the University of New Haven Cyber Forensics Research & Education Group.
The flaws made it possible for an attacker to gain access to users’ systems without the users being any wiser – and it didn’t require tricking the users into installing anything. I’m not gonna lie: the researchers’ novel attack – dubbed a man-in-the-room attack – wigged the privacy and security freak in me out. Since Bigscreen likes to describe itself as a “virtual living room,” the attack would be like an invisible stranger taking over your living room – but it’s not taking over your living room – it’s an invisible stranger taking over your computer, which likely has much more private stuff connected to your real and digital lives than your living room could ever hold.
With an NSF-funded Virtual Reality Security & Forensics project, University of New Haven researchers Ibrahim Baggili, Peter Casey and Martin Vondráček totally pwned it thanks to security vulnerabilities in the Bigscreen game development platform.
It has more than 500,000 users and allows those users to make their avatars, chat in the lobby, hang out, make private rooms, watch movies together in an amphitheater-style cinema, collaborate on projects, and more.
Breathe easy – it’s been fixed, but it’s still freaky. Bigscreen Beta, a free and popular VR app available on Steam – which has support for HTC Vive, Oculus Rift, and Windows Mixed Reality – is like a hangout and more. Attackers could also exploit the flaws to gain complete control over Bigscreen users’ computers, to secretly deliver malware, and even to start a worm infection spreading through VR. Meet the new man-in-the-room attack, which exploited vulnerabilities in the Bigscreen virtual reality (VR) app, allowing attackers to invisibly eavesdrop in VR rooms.