Recon Montreal 2019

»Snow Crashing Virtual Reality, 2019 Edition«
2019-06-30, 13:00–14:00, Grand Salon

In 1992, Neal Stephenson published Snow Crash. In a virtual world, the Metaverse, a virus spreads by breaking into people's computers but it also causes fatal brain-damage. We took a look at a few popular VR titles today and found vulnerabilities we could use to remotely take over other players computers as well as their visual cortex...

Excited by the future of Virtual Reality & Alternate Reality, we took a look at the security of some popular games. We found a variety of flaws that led to remote code execution. These flaws let a malicious player take over other players computers while interacting in VR.

In this talk we’ll describe the the threat model for some popular VR game titles and the give an overview of the attack surfaces. In a social context, privacy and consent are very important in AR/VR and developers have to think ahead and plan against abuse in their games. The social aspect makes remote code execution vulnerabilities in AR/VR particularly dangerous for users in the context of an online community.