“Security researchers found critical vulnerabilities in three different virtual reality applications that would have allowed hackers to take control of victims’ computers.”
Steam VR, VRChat and High Fidelity are targeted.
Researchers said that they reported the vulnerabilities to the VR developers which fixed them
“When you get hacked in virtual reality you can definitely feel that yourself. The attacker has complete access to your senses,” Pettersson said in a phone call. “He can see through your eyes—the headsets have cameras. He can hear what you’re saying—they have microphones. He can project images into your retina. He can modify this virtual world in any way he wants.”
By exploiting the chatroom, all the hacker had to do was to invite people to take over their computer, the hacker had control over their webcams, microphones and manipulate what the user sees through the headset.
The hackers could create a program that invited also all of yours friend if you joined the room, and this would invite their friends, again and again.
Researchers made a demo video, showing how the hacking would look like.