Skip to main content

Researchers claim hackers can create havoc in the Oculus Rift, HTC Vive

Virtual reality headsets produced by Oculus VR and HTC are open to hackers according to a recent paper published by researchers from the University of New Haven in Connecticut. Their proof-of-concept attack targets OpenVR, an open-source software development kit created by Valve Software and supported by the HTC Vive and Oculus Rift PC-based headsets. The result? Changing what the viewer sees and thereby causing physical harm. 

The problem with the HTC Vive and Oculus Rift is that you can’t see the surrounding physical environment. The setup process includes defining your movement area in the real world while inside virtual reality, this space is defined by a grid that suddenly appears if you get too close to the playing area’s edge. Typically, the edge is an actual wall, a couch, or simply an area where observers can watch from a safe distance while you swing wildly with the controllers. 

Recommended Videos

But hackers with access to a compromised PC could alter that space. If, for some reason, headset owners were playing near a staircase, they could trip over the steps or fall down to the next floor. If a group of family members is watching from the couch, headset owners could get too close and start swinging the controllers at their heads. The physical dangers are certainly possible. 

With the proof-of-concept, the research team attached malware to an email to see what would happen once it infected the targeted PC. “It was created with little security in mind, and they’re completely relying on the security of the operating system and the user,” says Ibrahim Baggili, director of the university’s Cyber Forensics Research and Education Group. 

Naturally, there are already safeguards set in place to prevent the infection, such as antivirus software and firewalls. But the experiment targeted the VR platforms themselves to see what would happen if the typical safeguards failed. The software powering the Oculus Rift and HTC Vive failed to block the malware as it infiltrated through the OpenVR crack. Not only could the researchers change the boundary, but everything seen through the headsets. 

Both HTC and Valve Software wouldn’t comment on the findings, but Oculus VR pointed out that the majority of the Oculus Rift experiences are served up on the Oculus Store without OpenVR. Even more, adding encryption to Guardian would introduce bugs and “unnecessary complexity.” If your machine is compromised, all data is at risk, not just the VR experience. 

But a closer look at the report shows there is more to the issue than just altering the headset’s view. For instance, a deep dive into Steam discovered two authorization files hidden in the Steam folder that could be used to bypass two-factor authentication. Other files include the person’s name, port details, IP addresses, and data associated with specific apps. Researchers also found accessible “artifacts” with a number of applications such as Rec Room, AltspaceVR, Facebook Spaces, and Big Screen. 

The full disclosure will be presented in May during the 39th annual Institute of Electrical and Electronics Engineers Symposium on Security and Privacy. 

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Upgrade to the Alienware 18 Area-51 gaming laptop with RTX 5070 Ti — $500 off!
The Alienware 18 Area-51 Gaming Laptop on a white background.

You should be ready to spend a lot if you want a powerful gaming laptop, but you should also be on the lookout for potential savings. Now's a great time to check out Alienware deals because of Dell's Black Friday in July sale, which includes a fantastic offer for the Alienware 18 Area-51 gaming laptop. This configuration with the Nvidia GeForce RTX 5070 Ti graphics card is down from $3,300 to $2,800, which is still expensive, but you wouldn't want to miss this chance at $500 in savings. You have to hurry though, as stocks may run out at any moment!

Buy Now

Read more
Save $100 on our pick for the best printer
HP includes full ink bottles with the Smart Tank 7602.

What do we need to print these days? Tax forms, student essays, and clearly-legible letters? Not so much. Bright invites, pictures, and presentation accompaniments? Yes, yes, and yes! In today's world, the typical person's needs in an inkjet printer are far different than the last time you were likely to have bought a printer. And the industry is catching up. Right now, our pick for the overall best printer of 2025 is $100 off as part of early Prime Day deals. That makes the $450 printer just $350 if you buy now. Plus, it comes with two years of HP's ink included. So, tap the button below to go check out the HP Smart Tank 7602 for yourself or keep reading to see what we like about it and what we found out during our review.

BUY NOW

Read more
Apple’s work-from-home powerhouse is 24% off… and about to go extinct
The MacBook Air on a table in front of a window.

Hard-hitting MacBook deals are rare. People love their products and will happily buy them at full price, so sales aren't as incentivized as with other products. So, when we see a $400 savings on the most powerful version (the 24GB of RAM one) of the MacBook Air M3, dropping its price from $1,699 to $1,299, we love it. And that's exactly what's happening as part of this early Prime Day deal and one of the most exciting laptop deals in recent dates. Tap the button below to see it for yourself, or keep reading to get all of the details about the MacBook Air M3, what we discovered when we used it ourself, and why this deal may be the last of its kind.

BUY NOW

Read more