Snow Crashing Virtual Reality, 2019 Edition

Presented at REcon 2019, June 30, 2019, 1 p.m. (60 minutes).

In 1992, Neal Stephenson published Snow Crash. In a virtual world, the Metaverse, a virus spreads by breaking into people's computers but it also causes fatal brain-damage. We took a look at a few popular VR titles today and found vulnerabilities we could use to remotely take over other players computers as well as their visual cortex... Excited by the future of Virtual Reality & Alternate Reality, we took a look at the security of some popular games. We found a variety of flaws that led to remote code execution. These flaws let a malicious player take over other players computers while interacting in VR. In this talk we’ll describe the the threat model for some popular VR game titles and the give an overview of the attack surfaces. In a social context, privacy and consent are very important in AR/VR and developers have to think ahead and plan against abuse in their games. The social aspect makes remote code execution vulnerabilities in AR/VR particularly dangerous for users in the context of an online community.

Presenters:

  • Alex Radocea
    Alex started in Security by pentesting financial firms from an office on Wall Street for Matasano. He cofounded RPISEC at RPI. He’s worked on the Product Security team at Apple, engineering teams at Crowdstrike, the Security team at Spotify. Some of the research Alex has presented includes binary static analysis, kernel security research, mobile messenger security, and browser hardening. Today hes a cofounder at Longterm Security, Inc

Links:

Similar Presentations: