Eavesdropping on Controller Acoustic Emanation for Keystroke Inference Attack in Virtual Reality
Shiqing Luo
Network and Distributed System Security (NDSS) Symposium 2024 · Day 3 · Physical Attacks
Virtual Reality (VR) is rapidly evolving from a niche gaming accessory into a pervasive computing platform, boasting over 171 million users and extending its utility across diverse sectors from healthcare to education. However, this expansion brings with it a burgeoning set of privacy challenges. VR systems, by their nature, collect and store vast amounts of personal data, including highly sensitive information such as passwords, credit card numbers, and biometric identifiers. The increasing reliance on VR for inputting such data necessitates robust security measures to protect users from sophisticated privacy breaches. This talk introduces **Heimdall**, a groundbreaking acoustic keystroke inference attack that exploits the distinct sounds emitted by VR controllers during user input.