Hackers can see what you’re doing in VR through a piece of malware called Big Brother. Well, sort of. There’s 171 million people worldwide using some sort of VR setup. Some of them are using Android-based systems, like Meta’s Oculus or the HTC Vive.
Those users are the ones at risk. ReasonLabs identified a new attack vector which can connect remotely to Android-based VR devices and record the headset screen. Once the malware gets into a user’s computer, it lies in wait until the user starts using a device with Developer Mode enabled.
As soon as the Big Brother malware recognizes a VR device it quietly opens up a TCP port. It then has the ability to record the user’s headset screen remotely. It can record any time the device is on the same WiFi network as the infected computer.
The recordings can then be sent out from the infected computer to the attacker, thanks to the open TCP port.
So how bad is Big Brother?
In this neck of the woods we think about VR as a gaming related product. Which, sure, it is. But there are other industries out there which use VR setups for one reason or another. Healthcare, the military and manufacturers all use proprietary VR apps for training purposes. Installing those apps requires Developer Mode enabled.
All of a sudden this malware isn’t just spying, it’s engaging in corporate espionage. It’s a pretty big deal.
But back on the gaming side of things it’s not exactly safe, either. Developer Mode needs to be enabled on devices in order to install unofficial games and apps. Same thing with pirated software.
If all you’re doing with VR is playing some games, it’s maybe not so bad. Users still should protect themselves against it, but streamers make the same data available every day. It gets a little dicey when you’re working on undisclosed projects in VR, though. That could be information you don’t want to get out.
Or what about users who like to use apps like Virtual Desktop? A user logs into their email account, and now the attacker has an email address and the correct amount of password characters. Getting access to that email account is suddenly a lot easier.
The biggest problem, at least for the everyday VR user? Big Brother sends the data, which uses data. Depending on how it sends the data it could eat up quite a lot of data in the process. If you’re one of the unlucky people in the world with a data cap you might be quickly hitting your monthly allotment.
That’s not just a problem. That’s a potentially expensive problem.