Augmented Reality (AR) is expected to become a pervasive component in enabling shared virtual experiences. In order to facilitate collaboration among multiple users, it is crucial for multi-user AR applications to establish a consensus on the "shared state" of the virtual world and its augmentations, through which they interact within augmented reality spaces. Current methods to create and access shared state collect sensor data from devices (e.g., camera images), process them, and integrate them into the shared state. However, this process introduces new vulnerabilities and opportunities for attacks. Maliciously writing false data to "poison" the shared state is a major concern for the security of the downstream victims that depend on it. Another type of vulnerability arises when reading the shared state; by providing false inputs, an attacker can view hologram augmentations at locations they are not allowed to access. In this work, we demonstrate a series of novel attacks on multiple AR frameworks with shared states, focusing on three publicly-accessible frameworks. We show that these frameworks, while using different underlying implementations, scopes, and mechanisms to read from and write to the shared state, have shared vulnerability to a unified threat model. Our evaluation of these state-of-art AR applications demonstrates reliable attacks both on updating and accessing shared state across the different systems. To defend against such threats, we discuss a number of potential mitigation strategies that can help enhance the security of multi-user AR applications.
翻译:增强现实(AR)预计将成为实现共享虚拟体验的普遍组件。为了促进多用户之间的协作,多用户AR应用必须就虚拟世界及其增强效果的“共享状态”达成共识,用户通过该状态在增强现实空间中进行交互。当前创建和访问共享状态的方法会收集来自设备的传感器数据(如摄像头图像),对其进行处理,并将其整合到共享状态中。然而,这一过程引入了新的漏洞和攻击机会。恶意写入虚假数据以“污染”共享状态,对于依赖该状态的后续受害者的安全构成重大威胁。另一种漏洞出现在读取共享状态时:通过提供虚假输入,攻击者可以在其无权访问的位置查看全息增强内容。在本工作中,我们针对具有共享状态的多个AR框架展示了一系列新型攻击,重点关注三个公开可用的框架。我们表明,这些框架虽然采用不同的底层实现、范围和读写共享状态的机制,但在统一威胁模型下存在共同的漏洞。我们对这些最先进的AR应用的评估显示,在不同系统中,更新和访问共享状态的攻击均可靠有效。为防御此类威胁,我们讨论了若干潜在的缓解策略,这些策略有助于增强多用户AR应用的安全性。