Researchers claim hackers can create havoc in the Oculus Rift, HTC Vive

Virtual reality headsets produced by Oculus VR and HTC are open to hackers according to a recent paper published by researchers from the University of New Haven in Connecticut. Their proof-of-concept attack targets OpenVR, an open-source software development kit created by Valve Software and supported by the HTC Vive and Oculus Rift PC-based headsets. The result? Changing what the viewer sees and thereby causing physical harm. 

The problem with the HTC Vive and Oculus Rift is that you can’t see the surrounding physical environment. The setup process includes defining your movement area in the real world while inside virtual reality, this space is defined by a grid that suddenly appears if you get too close to the playing area’s edge. Typically, the edge is an actual wall, a couch, or simply an area where observers can watch from a safe distance while you swing wildly with the controllers. 

But hackers with access to a compromised PC could alter that space. If, for some reason, headset owners were playing near a staircase, they could trip over the steps or fall down to the next floor. If a group of family members is watching from the couch, headset owners could get too close and start swinging the controllers at their heads. The physical dangers are certainly possible. 

With the proof-of-concept, the research team attached malware to an email to see what would happen once it infected the targeted PC. “It was created with little security in mind, and they’re completely relying on the security of the operating system and the user,” says Ibrahim Baggili, director of the university’s Cyber Forensics Research and Education Group. 

Naturally, there are already safeguards set in place to prevent the infection, such as antivirus software and firewalls. But the experiment targeted the VR platforms themselves to see what would happen if the typical safeguards failed. The software powering the Oculus Rift and HTC Vive failed to block the malware as it infiltrated through the OpenVR crack. Not only could the researchers change the boundary, but everything seen through the headsets. 

Both HTC and Valve Software wouldn’t comment on the findings, but Oculus VR pointed out that the majority of the Oculus Rift experiences are served up on the Oculus Store without OpenVR. Even more, adding encryption to Guardian would introduce bugs and “unnecessary complexity.” If your machine is compromised, all data is at risk, not just the VR experience. 

But a closer look at the report shows there is more to the issue than just altering the headset’s view. For instance, a deep dive into Steam discovered two authorization files hidden in the Steam folder that could be used to bypass two-factor authentication. Other files include the person’s name, port details, IP addresses, and data associated with specific apps. Researchers also found accessible “artifacts” with a number of applications such as Rec Room, AltspaceVR, Facebook Spaces, and Big Screen. 

The full disclosure will be presented in May during the 39th annual Institute of Electrical and Electronics Engineers Symposium on Security and Privacy. 

Emerging Tech

Awesome Tech You Can’t Buy Yet: Write music with your voice, make homemade cheese

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Gaming

These are the must-have games that every Xbox One owner needs

More than four years into its life span, Microsoft's latest console is finally coming into its own. From Cuphead to Halo 5, the best Xbox One games offer something for players of every type.
Gaming

Your PlayStation 4 game library isn't complete without these games

Looking for the best PS4 games out there? Out of the massive crop of titles available, we selected the best you should buy. No matter what your genre of choice may be, there's something here for you.
Movies & TV

The best shows on Netflix right now (March 2019)

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Computing

Apple iMac gets more powerful with new Intel CPUs, Radeon Pro graphics

Apple on Tuesday, March 19 refreshed its iMac lineup with new models featuring slightly more powerful Intel processors and new AMD graphics cards. The new 27-inch 5K model comes with options for Intel's six-core or eight-core ninth-gen…
Cars

Nvidia’s new simulator brings virtual learning to autonomous vehicle developers

Nvidia introduced a simulator for testing autonomous vehicle technologies. Drive Constellation is a cloud-based platform technology vendors can use to validate systems efficiently, safely, and much faster than with vehicles on real roads.
Photography

Paper designs digitize in real time using an Illustrator-connected paper tablet

Love graphic design, but prefer the feel of real paper? The new Moleskine Paper Tablet - Creative Cloud Connected syncs with Adobe Illustrator in real time, turning paper sketches into digital drawings.
Computing

Make the most of your toner with our five favorite color laser printers

Color laser printers have improved dramatically over the years, and today's models offer both blazing print speeds and great image quality. Here are our favorite color laser printers, from massive all-in-ones to smaller budget options.
Computing

Firefox 66 is here and it will soon block irritating autoplay videos

Do web advertisements have you frustrated? Mozilla is here to help. The latest version of the browser will soon block autoplaying videos by default and will also help make web page scrolling smoother.
Computing

USB4 will be the fastest and most uniform USB standard yet

USB4 is on the horizon and alongside a massive boost in speed it's also unifying with the Thunderbolt 3 standard to help finally create a singular wired connection protocol that all devices can enjoy.
Computing

The U.S. government plans to drop $500M on a ridiculously powerful supercomputer

The U.S. Department of Energy has announced plans to build a $500 million exascale supercomputer by 2021. The project, known as the Aurora supercomputer, is expected to boost research efforts in fields such as public health.
Buying Guides

Apple has powered up its iMac lineup, but which one should you opt for?

With new processors and graphics cards for both the 4K and 5K models, the iMac feels like a good option for creatives again. But which should you buy? Here's our guide to choosing the right Apple all-in-one for your needs.
Product Review

4K and 144Hz? Yup, the Acer Predator XB3 will max out your gaming PC

The Predator XB3 isn’t for the faint of heart. But if you have a system that can push over 100 frames per second in 4K screen resolution, this monster of a monitor might be the perfect match for your overpowered gaming rig.
Computing

HP spring sale: Save up to 58 percent on laptops, desktops, printers, and more

From now until March 23, the HP spring sale lets you take as much as 58 percent off of a huge range of laptops, desktop PCs, printers, and more, potentially saving you more than $1,000. We’ve rounded up a dozen of the best deals right…