Mixed Reality (MR) devices are being increasingly adopted across a wide range of real-world applications, from education and healthcare to remote work and entertainment. However, the unique immersive features of MR devices, such as 3D spatial interactions and the encapsulation of virtual objects by invisible elements, introduce new vulnerabilities leading to interaction obstruction and misdirection. We implemented latency, click redirection, object occlusion, and spatial occlusion attacks within a remote collaborative MR platform using the Microsoft HoloLens 2 and evaluated user behavior and mitigations through a user study. We compared responses to MR-specific attacks, which exploit the unique characteristics of remote collaborative immersive environments, and traditional security attacks implemented in MR. Our findings indicate that users generally exhibit lower recognition rates for immersive attacks (e.g., spatial occlusion) compared to attacks inspired by traditional ones (e.g., click redirection). Our results demonstrate a clear gap in user awareness and responses when collaborating remotely in MR environments. Our findings emphasize the importance of training users to recognize potential threats and of enhancing security measures to maintain trust in remote collaborative MR systems.