Facebook is no stranger to hackers attempting to steal sensitive data from its users online. However, the company may also be facing these threats in virtual reality. According to a team of cybersecurity researchers, the Facebook Meta Quest VR headset is vulnerable to “inception-style” attacks that would allow hackers to steal their information without them even knowing it.

In their experiment, researchers were able to attack a user’s headset by joining the same WiFi network as them. If the headset was in developer mode, researchers were then able to plant malware on the device that created a phony home screen experience for the user that looked identical to the real one. This effectively creates a “simulation within a simulation” for users who would never know they were interacting with a fake experience set up to steal their data.

“While the user thinks they are interacting normally with different VR applications, they are in fact interacting within a simulated world, where everything they see and hear has been intercepted, relayed, and possibly altered by the attacker,” researchers wrote in the study.

Facebook hasn’t yet said if it will fix this vulnerability, but this seems serious enough that the company should be compelled to take action soon.

Recommended Resources

Choose what the experts use: award-winning cybersecurity you can trust and rely on.

Surf the web truly incognito. Try Bitdefender Premium VPN, the ultra-fast VPN that keeps your online identity and activities safe from hackers, ISPs and snoops.

System Mechanic 14 – Make your computer run like new. Winner of 200+ Editor’s Choice awards!