By profiting from unknown vulnerabilities, hackers may have hacked into people’s computers by merely having them join a chat room within the popular virtual reality applications Steam VR and VRChat.
Security researchers Alex Radocea and Philip Pettersson discovered vulnerabilities in three completely different virtual reality platforms that may have allowed hackers to take over the target’s computer because of the researchers defined in a talk on the Recon hacking conference in Montreal last week. The vulnerabilities have been in VRChat, the virtual home function of Valve’s Steam VR, and High Fidelity, an open-source platform for virtual reality.
The researchers stated they reported the vulnerabilities to the VR developers, which fastened them. However, these bugs present that VR builders have a whole lot of work to do to secure their customers.
Petterson and Radocea mentioned that the VRChat and Steam VR vulnerabilities have been particularly dangerous.
By embedding an exploit in a chat room, all a hacker needed to do was invite individuals to it to take over their computer systems. At that time, the hacker may activate their webcams, microphones, or manipulate what they see inside their VR headset. Hackers might have even made this into a worm, a self-spreading VR malware that infected anybody who entered a chat room, after which invited all their associates to open the malicious chat room—probably reaching all VRChat or Steam VR users, similar to the infamous MySpace worm did in 2005.
The researchers made a demo video displaying how a hack like this may appear to be.
VRChat, Valve, and High Fidelity didn’t immediately reply to a request for comment.