Toward Static Analysis of Immersive Attacks

Immersive attacks are a novel class of security threats that emerge from the immersive nature of virtual reality (VR) interfaces. Unlike traditional cyber attacks that target users’ sensitive information, immersive attacks target users’ immersive experience: their visual perception and sense of direction. Despite their high damage potential, countermeasures for immersive attacks are still underexplored. In this work, we demonstrate how one can implement immersive attacks using OpenXR, a unifying standard that enables running vendor-independent VR applications on various VR platforms. We explore strategies for detecting such attacks through the perspective of static code analysis, a popular technique for application security vetting. We discuss the requirements and challenges for static analyses aimed at detecting immersive attacks, highlighting in particular the lack of cross-language support in existing tools and the absence of domain-specific knowledge needed to recognize these attacks.