Virtual Reality (VR) has gained popularity by providing immersive and interactive experiences without geographical limitations. It also provides a sense of personal privacy through physical separation. In this paper, we show that despite assumptions of enhanced privacy, VR is unable to shield its users from side-channel attacks that steal private information. Ironically, this vulnerability arises from VR's greatest strength, its immersive and interactive nature. We demonstrate this by designing and implementing a new set of keystroke inference attacks in shared virtual environments, where an attacker (VR user) can recover the content typed by another VR user by observing their avatar. While the avatar displays noisy telemetry of the user's hand motion, an intelligent attacker can use that data to recognize typed keys and reconstruct typed content, without knowing the keyboard layout or gathering labeled data. We evaluate the proposed attacks using IRB-approved user studies across multiple VR scenarios. For 13 out of 15 tested users, our attacks accurately recognize 86%-98% of typed keys, and the recovered content retains up to 98% of the meaning of the original typed content. We also discuss potential defenses.

翻译：虚拟现实（VR）凭借其不受地理限制的沉浸式交互体验而日益流行，同时通过物理隔离提供了个人隐私感。本文表明，尽管VR被认为能增强隐私，但它无法保护用户免受窃取私密信息的侧信道攻击。讽刺的是，这种脆弱性恰恰源于VR的最大优势——其沉浸式交互特性。我们通过在共享虚拟环境中设计并实现一套新型击键推断攻击来证明这一点：攻击者（VR用户）可通过观察其他用户的虚拟化身，恢复其输入内容。尽管虚拟化身仅显示用户手部运动的带噪遥测数据，但智能攻击者能够利用这些数据识别被按下的按键并重构输入内容，而无需了解键盘布局或收集标注数据。我们通过IRB批准的用户研究，在多个VR场景下评估了所提攻击。在15名测试用户中，针对其中13名用户，我们的攻击能准确识别86%-98%的按键，且恢复内容保留原始输入内容高达98%的语义。本文还讨论了潜在的防御措施。