#786: XR Safety Initiative: Security, Privacy, & Ethics in XR

The XR Safety Initiative (XRSI) was co-founded by Kavya Pearlman and formally announced at the Open AR Cloud Symposium on Tuesday, May 28, 2019. XRSI is going to be looking at the safety and security issues within XR in collaboration with security researcher Ibrahim Baggili, who published a landmark paper in IEEE Transactions on Dependable and Secure Computing in March 2019 titled “Immersive Virtual Reality Attacks and the Human Joystick.”

Casey, Baggili, & Yarramreddy discovered a number of novel VR attacks where they showed how they could disable the chaperone system and modify the virtual world in order to guide the user to move to specific physical locations. Pearlman reached out to Baggili, and they decided to co-found the XR Safety Initiative with security researcher Regine Bonneu. XRSI has started to categorize the different security threats and attack vectors, and they hope to collaborate with independent developers and the major companies in helping to develop best practices around safety and security.

XRSI is also going to be collaborating with governments and policy makers, promoting awareness of XR safety issues through their Ready Hacker One initiative, and collaborating with academic research institutions in order to continue to cultivate more research into security in immersive virtual environments. XRSI is also going to be looking at different privacy issues within XR, and exploring different ethical implications of the technology. (You can reach out on their contact form to get involved.)

I’m personally really excited that Pearlman is starting the XRSI in order to continue to work on these issues of safety, security, privacy, and ethics day to day. There is a lot of coordination that needs to happen between these major companies as well as independent developers in order to know who is responsible for what aspect of the five different threat vectors including the privacy of the input data, how to properly store and protect user data, ensuring the output to the user is protected, that the user interactions are protected, and the physical devices are also protected.

I had a chance to sit down with Pearlman to talk about XRSI about an hour before my own talk on The Ethical and Moral Dilemmas of XR, and we talked about the history and evolution of her work in the XR space, her privacy awakening moment while working as a contractor at Facebook, her takeaways from the VR Privacy Summit, and an overview of the open problems in the XR space around safety, security, and privacy that she hopes to be addressing.


Here’s Pearlman’s talk on Wednesday, May 29 at the Augmented World Expo 2019:

Here’s a panel discussion that Pearlman and I were on at the Open AR Cloud Symposium on Tuesday, May 28, 2019 just ahead of the start of AWE:

Here’s the abstract for Immersive Virtual Reality Attacks and the Human Joystick by Peter Casey, Ibrahim Baggili, & Ananya Yarramreddy

“This is one of the first accounts for the security analysis of consumer immersive Virtual Reality (VR) systems. This work breaks new ground, coins new terms, and constructs proof of concept implementations of attacks related to immersive VR. Our work used the two most widely adopted immersive VR systems, the HTC Vive, and the Oculus Rift. More specifically, we were able to create attacks that can potentially disorient users, turn their Head Mounted Display (HMD) camera on without their knowledge, overlay images in their field of vision, and modify VR environmental factors that force them into hitting physical objects and walls. Finally, we illustrate through a human participant deception study the success of being able to exploit VR systems to control immersed users and move them to a location in physical space without their knowledge. We term this the Human Joystick Attack. We conclude our work with future research directions and ways to enhance the security of these systems.”

The full pre-print is available for download on ResearchGate.

This is a listener-supported podcast through the Voices of VR Patreon.

Music: Fatality