A study on the vulnerability has been published in the ACM MobiCom Conference and will be presented by the researchers at the upcoming International Conference on Mobile Computing and Networking in March.
Voice interactions are becoming more prevalent in VR and AR as they branch out into applications beyond gaming, compared to traditional handheld-controller interactions. Researchers from Rutgers University showed that hackers could access the built-in motion sensors on face-mounted virtual reality (VR) and augmented reality (AR) headsets in an eavesdropping attack.
Their attack, Face-Mic, captures speech-associated subtle facial dynamics from these zero-permission motion sensors and infer sensitive information from live human speech, such as speaker gender, identity, and speech content. Using a deep-learning-based approach and four mainstream VR headsets, the team validated the generalizability, effectiveness, and high accuracy of Face-Mic in extracting speech information.
"Face-Mic is the first work that infers private and sensitive information by leveraging the facial dynamics associated with live human speech while using face-mounted AR/VR devices. Our research demonstrates that Face-Mic can derive the headset wearer's sensitive information with four mainstream AR/VR headsets, including the most popular ones: Oculus Quest and HTC Vive Pro," said research leader Yingying "Jennifer" Chen, associate director of WINLAB and graduate director of electrical and computer engineering at Rutgers University-New Brunswick.
"By analyzing the facial dynamics captured with the motion sensors, we found that both cardboard headsets and high-end headsets suffer security vulnerabilities, revealing a user's sensitive speech and speaker information without permission," said Chen.
"Given our findings, manufacturers of VR headsets should consider additional security measures, such as adding ductile materials in the foam replacement cover and the headband, which may attenuate the speech-associated facial vibrations that would be captured by the built-in accelerometer/gyroscope," Chen continued.
You can read more from the study here.