Side-channel Inference of User Activities in AR/VR Using GPU Profiling
Seonghun Son
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Apps & Cloud Security
As AR/VR headsets move beyond entertainment into medical, education, and industrial applications, the privacy implications of these always-on immersive devices become critical. This research reveals that the **built-in GPU profiler** on MetaQuest devices -- the dominant XR platform with over **80% market share** -- creates a measurable side-channel that allows a background process to infer user activities with alarming accuracy. Using just a **1 Hz sampling rate** (one data point per second), the researchers achieved nearly **100% accuracy** in identifying which applications and websites a user is viewing, over **80% accuracy** in identifying specific 3D objects being rendered, and **100% accuracy** in counting meeting participants.
AI review
A practical GPU side-channel attack against MetaQuest AR/VR devices that achieves near-perfect app fingerprinting and solid 3D object identification using only the built-in GPU profiler at 1 Hz. The attack surface is real, the threat model is reasonable, and Meta paid a bounty. However, the ML classification techniques are standard and the attack requires the malicious app to survive background termination, which is increasingly restricted on modern platforms.