Are virtual/mixed reality glasses really safe?

Options
Architech
edited May 28 in General Topics

hello everyone!

Since 2023 I have had PICO 4, and during this time I was wondering about the security of this type of device when you log in to websites or applications with your account. Can they see your account and password for your sites/accounts? After all, you are logging in from their ecosystem.

I understand that the main point of interest of the companies that design these machines is to track all the actions and metadata of the users, so I understand that there is a real interest in tracking all this, being a really intrusive action that would violate the privacy of the users. users, but that would be "validated" by users who accept it without having a real perception of it.

Helpless not to know if I was being monitored or not, I did a quick search on the internet, but surprisingly I didn't find anything that addressed this issue. Normally, when talking about security, they usually refer to not having data stolen from the device, but no one talks about whether the device itself steals its clients' data.

And I find this especially worrying when behind the two best-selling viewers are the parent companies of Facebook and TikTok, famous for exploiting the privacy of their users.

In conclusion, deeply concerned about my safety and that of the rest of the users, I publish this message in the hope that someone can shed some more light on this matter and know if there is a version of bitdefender to install on this type of device. (Although I imagine that the mobile application is the one that would be installed when using, at least in the case of the PICO 4, Android as the base operating system.)

Many thanks for everything.

Comments

  • Alexandru_BD
    Options

    Hello,

    VR devices collect extensive data, including user movements, biometric data, and interactions. This information, if not properly secured, could be misused. Manufacturers need to ensure strong encryption and data protection measures to safeguard this sensitive data. Like any internet-connected device, these headsets can be vulnerable to hacking. Potential threats include unauthorized access to the device, interception of data, and even remote control. Security patches and regular updates from manufacturers are crucial to mitigate these risks.

    Regarding the specific PICO 4 VR headset, I think the best approach would be to ask the vendor directly. They display an email address under their privacy policy here:

    https://www.picoxr.com/global/legal/privacy-policy

    Can they see your account and password for your sites/accounts? - According to their privacy policy available at the aforementioned link, when you register an account to use the PICO Services, you will provide information such as your username, profile photo, email address, the country you are located in, and your date of birth. They don't mention any passwords and anyway such information should only be in the possession of the user and not shared with the vendor.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Architech
    Options

    Of course, I am aware that like any site where you register, you give your name, email and password to the company/website/service you register with.
    On a computer it is assumed that if you register on a website, the operating system is not collecting that data and sending it to the brand that developed the operating system.
    However, in the world of VR glasses, it has been seen that there were international sanctions against the parent company of Pico4 for espionage in the USA. And what worries me is that if I use the Pico 4 as monitors on my computer, everything I see on them is being broadcast in real time or being monitored/recorded and sent to the Pico 4 without my prior consent.
    Obviously they have the technical possibility of recording everything the user does within the device, and I am concerned that the legislation of both the company itself and the countries involved makes indiscriminate spying on users who use this type of gadget possible.

    For all these reasons, I asked in the Bitdefender forum about whether any cybersecurity expert had personally tested whether this type of tracking is real or if the devices do not collect more data than the email and password of the device's own account.

  • Alexandru_BD
    Options

    First, I really appreciate you taking the time to write to us here, thank you for sharing your concerns and opinions on this topic.

    The Bitdefender security researchers did not test this unit specifically, but it presumably works just as other VR headsets on the market. This means that the primary sensors in VR devices are typically focused on tracking movement and the environment for VR interactions, not for recording detailed content like what is typed on a screen. The device's privacy policy does not mention the collection of this type of data.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user