A Preview Into The “Big Brother” Metaverse Attack Vector

By Dana Yosifovich

Setting The Stage

The metaverse and virtual reality have arrived — 171 million people worldwide are using some form of VR today, with many users utilizing Android-powered devices such as Meta’s Oculus and HTC’s Vive.

What Is The ‘Big Brother’ Threat?

ReasonLabs researchers have identified an attack vector that can connect remotely to Android-based VR devices and record the headset screen.

Why Is This Happening?

Healthcare, defense, and manufacturing enterprises use proprietary VR apps to train their employees. To install these apps, devices must be switched into Developer Mode. The move to Developer Mode is also required to install unofficial or pirated versions of games and apps.

How Does It Work?

Once the malware enters a user’s computer, the threat stays idle on the PC, waiting for a Developer Mode-enabled device to connect. As soon as the malware recognizes a connected VR device, it begins its actions to open a TCP port. The malware can then record the user’s headset screen remotely, anytime the device is connected to the same WiFi network as the infected computer. Recordings can be exfiltrated back to the attacker.

Industry Actions Are Needed

Due to the growth of the metaverse, EDR providers must adapt their systems to provide defense for next-generation threats. As such, the new version of RAV Endpoint Protection prevents malware, including the “Big Brother” threat, from utilizing remote device attacks.

What Should Consumers Do Next?

It’s important for consumers to understand the risks in switching their devices to Developer Mode. If Developer Mode is necessary, be sure to take the proper precautions by utilizing next-generation endpoint protection solutions on all personal devices.