The Charger Blog
Charger Blogger Shares Perspective on Failure and New Beginnings
Beatrice Glaviano '26 reflects on the importance of bouncing back after setbacks.
University News
Using Bigscreen, a popular virtual reality application, researchers at the University of New Haven were able to listen to users’ conversations and access their computers without their knowledge.
February 19, 2019
A team of researchers at the University of New Haven discovered that Bigscreen, a well-known and popular virtual reality (VR) application, and Unity, the game development platform BigScreen is built on, are vulnerable to hackers. Bigscreen, which describes itself as a "virtual living room," enables users to watch movies, collaborate on projects together and more.
Without users’ knowledge and consent – and without tricking users into downloading software or granting access to the computer – University of New Haven researchers were able to:
Click here to view a YouTube proof of concept video summarizing and demonstrating the findings.
"Our research shows hackers are able to monitor people day in and day out – listen to what they are saying and see how they are interacting in virtual reality," said Ibrahim Baggili, founder and co-director of the University of New Haven Cyber Forensics Research and Education Group. "They can’t see you, they can’t hear you, but the hacker can hear and see them, like an invisible Peeping Tom. A different layer of privacy has been invaded."
Baggili and his team presented the research findings to Bigscreen and Unity. Bigscreen CEO and Founder Darshan Shankar said Feb. 14 the company has patched the issues. Unity recently added language to its website warning users the platform can be "used to open more than just webpages, with important security implications you must be aware of."
Baggili and his team have not performed tests to determine if vulnerabilities still exist.
"They can’t see you, they can’t hear you, but the hacker can hear and see them, like an invisible Peeping Tom. A different layer of privacy has been invaded."Ibrahim Baggili, Ph.D.
The researchers – Baggili, Elder Family Endowed Chair of Computer Science and Cybersecurity and an internationally recognized expert in cybersecurity and digital forensics; Peter Casey '19 M.S. (computer science); and Martin Vondráček, visiting graduate student from Brno University of Technology – recently uncovered the technology vulnerabilities while testing the security of VR systems through a National Science Foundation-funded project. Vondráček then wrapped up the research into a command and control tool to show the severity of the findings. For disclosure details, go to the University of New Haven Cyber Forensics Research and Education Group website
According to Bigscreen, users log up to 20-30 hours a week using the system, with some logging more than 1,000 hours. TechCrunch reported in 2017 the company had 150,000 users.
Baggili and Casey have uncovered susceptibilities in other popular virtual reality systems – including HTC Vive and Oculus Rift – revealing that hackers could alter the experience of users. Several years ago, Baggili and his team uncovered liabilities in the messaging apps WhatsApp, Viber and others that affected more than 1.5 billion users, garnering significant international media coverage.
The Charger Blog
Beatrice Glaviano '26 reflects on the importance of bouncing back after setbacks.
The Charger Blog
Kadmiel B. Adusei '20 M.S. was presented the Outstanding Young Alumni Award, Anil Shah '86 M.S. received the Distinguished Lifetime Alumni Award, and RBC Bearings was presented with the Exemplary Partner Award.
The Charger Blog
Members of the Gaia Initiative gained insights and expanded their professional networks at the Student Managed Investment Fund Consortium (SMIFC) conference in Chicago, boosting their skills to benefit a University scholarship fund and their careers.