Thesis Details

Security Analysis of Immersive Virtual Reality and Its Implications

Master's Thesis Student: Vondráček Martin Academic Year: 2018/2019 Supervisor: Pluskal Jan, Ing., Ph.D.
Czech title
Bezpečnostní analýza virtuální reality a její dopady
Language
English
Abstract

Immersive virtual reality is currently used not only for entertainment but also for work and social interaction where user's privacy and confidentiality of the information has a high priority. Unfortunately, security measures applied by software vendors are often not sufficient. This thesis delivers an extensive security analysis of a popular VR application Bigscreen which has more than 500,000 users. Techniques of network traffic analysis, penetration testing, reverse engineering, and even application crippling were utilised. Research led to a discovery of critical vulnerabilities directly exposing the privacy of the users and allowing the attacker to take full control of a victim's computer. Found security flaws allowed distribution of malware and creation of a botnet using a computer worm spreading in virtual environments. A novel VR cyber attack Man-in-the-Room was implemented. Furthermore, a security vulnerability in the Unity engine was discovered. Carried out responsible disclosure has helped to mitigate the risks for more than half a million Bigscreen users and all affected Unity applications worldwide.

Keywords

Immersive Virtual Reality, Man-in-the-Room Attack, Responsible Disclosure, Bigscreen, Unity, Forensic Analysis, Security Analysis, Network Traffic Analysis, Penetration Testing, Reverse Engineering, Application Patching, Application Crippling, Augmented Reality, Mixed Reality, HTC Vive, Oculus Rift, Altspace VR, Rec Room, Facebook Spaces

Department
Department of Information Systems FIT BUT
Degree Programme
Information Technology, Field of Study Intelligent Systems
Files
Status
defended, grade A
Date
17 June 2019
Reviewer
Ryšavý Ondřej, doc. Ing., Ph.D.
Committee
Zbořil František, doc. Ing., Ph.D. (DITS FIT BUT), předseda
Bidlo Michal, doc. Ing., Ph.D. (DCSY FIT BUT), člen
Burget Lukáš, doc. Ing., Ph.D. (DCGM FIT BUT), člen
Grézl František, Ing., Ph.D. (DCGM FIT BUT), člen
Lucká Mária, prof. RNDr., Ph.D. (FIIT STU), člen
Rogalewicz Adam, doc. Mgr., Ph.D. (DITS FIT BUT), člen
Citation
VONDRÁČEK, Martin. Security Analysis of Immersive Virtual Reality and Its Implications. Brno, 2019. Master's Thesis. Brno University of Technology, Faculty of Information Technology. 2019-06-17. Supervised by Pluskal Jan. Available from: https://www.fit.vut.cz/study/thesis/22158/
BibTeX 
@mastersthesis{FITMT22158,
    author = "Martin Vondr\'{a}\v{c}ek",
    type = "Master's thesis",
    title = "Security Analysis of Immersive Virtual Reality and Its Implications",
    school = "Brno University of Technology, Faculty of Information Technology",
    year = 2019,
    location = "Brno, CZ",
    language = "english",
    url = "https://www.fit.vut.cz/study/thesis/22158/"
}

Theses

Back to top