TY - JOUR
T1 - Tracking WebVR User Activities through Hand Motions
T2 - An Attack Perspective
AU - Lee, Jiyeon
N1 - Publisher Copyright:
Copyright © 2024 The Institute of Electronics, Information and Communication Engineers.
PY - 2024/8
Y1 - 2024/8
N2 - With the rapid advancement of graphics processing units (GPUs), Virtual Reality (VR) experiences have significantly improved, enhancing immersion and realism. However, these advancements also raise security concerns in VR. In this paper, I introduce a new attack leveraging known WebVR vulnerabilities to track the activities of VR users. The proposed attack leverages the user’s hand motion information exposed to web attackers, demonstrating the capability to identify consumed content, such as 3D images and videos, and pilfer private drawings created in a 3D drawing app. To achieve this, I employed a machine learning approach to process controller sensor data and devised techniques to extract sensitive activities during the use of target apps. The experimental results demonstrate that the viewed content in the targeted content viewer can be identified with 90% accuracy. Furthermore, I successfully obtained drawing outlines that precisely match the user’s original drawings without performance degradation, validating the effectiveness of the attack.
AB - With the rapid advancement of graphics processing units (GPUs), Virtual Reality (VR) experiences have significantly improved, enhancing immersion and realism. However, these advancements also raise security concerns in VR. In this paper, I introduce a new attack leveraging known WebVR vulnerabilities to track the activities of VR users. The proposed attack leverages the user’s hand motion information exposed to web attackers, demonstrating the capability to identify consumed content, such as 3D images and videos, and pilfer private drawings created in a 3D drawing app. To achieve this, I employed a machine learning approach to process controller sensor data and devised techniques to extract sensitive activities during the use of target apps. The experimental results demonstrate that the viewed content in the targeted content viewer can be identified with 90% accuracy. Furthermore, I successfully obtained drawing outlines that precisely match the user’s original drawings without performance degradation, validating the effectiveness of the attack.
KW - hand motion tracking
KW - privacy violation
KW - side-channel attacks
KW - virtual reality
KW - WebVR
UR - http://www.scopus.com/inward/record.url?scp=85200509693&partnerID=8YFLogxK
U2 - 10.1587/transinf.2024EDL8009
DO - 10.1587/transinf.2024EDL8009
M3 - Article
AN - SCOPUS:85200509693
SN - 0916-8532
VL - E107.D
SP - 1089
EP - 1092
JO - IEICE Transactions on Information and Systems
JF - IEICE Transactions on Information and Systems
IS - 8
ER -