You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Your codebases (GraphicsTools-Unreal and GraphicsTools-Unnity) provide resource monitoring APIs to help developers stabilize their games’ rendering performance. However, we found that such resource monitoring APIs could be exploited by attackers to launch side-channel attacks on AR/VR systems. Our projects have demonstrated such side-channel attacks could be deployed on the Microsoft Hololens 2 and Oculus Quest 2.
We reported our findings to Microsoft Bug Bounty Program. The case submission is CRM:0461000294.
However, the issue was marked as Not a Vulnerability. The behavior is considered to be by design.
Directly presenting security issues here may bring in some ethical issues.
Thus, can we officially communicate via email?
Sorry, I can not find your contact information. But you can contact me via yzhan846@ucr.edu.
Completely blocking all these APIs seems unreasonable since they are important for tuning AR/VR games. We can meet to discuss some defense methods for mitigating such leakage vectors.
Expected behavior
You can check our paper for all 5 possible side-channel attacks.
Your setup (please complete the following information)
Unity version 2020.3.16f1 and Unreal Engine version 4.27.2.
Graphics Tools Version [v0.4.0]
Target platform (please complete the following information)
HoloLens 2
Meta Quest 2
The content you are editing has changed. Please copy your edits and refresh the page.
Describe the bug
Summary
Your codebases (GraphicsTools-Unreal and GraphicsTools-Unnity) provide resource monitoring APIs to help developers stabilize their games’ rendering performance. However, we found that such resource monitoring APIs could be exploited by attackers to launch side-channel attacks on AR/VR systems. Our projects have demonstrated such side-channel attacks could be deployed on the Microsoft Hololens 2 and Oculus Quest 2.
We reported our findings to Microsoft Bug Bounty Program. The case submission is CRM:0461000294.
However, the issue was marked as Not a Vulnerability. The behavior is considered to be by design.
Also, the work on side-channel attack has been accepted to Usenix Security 2023 (https://www.usenix.org/conference/usenixsecurity23/presentation/zhang-yicheng). We are happy to share all our findings with you and help your product fix such vulnerabilities.
To reproduce
Directly presenting security issues here may bring in some ethical issues.
Thus, can we officially communicate via email?
Sorry, I can not find your contact information. But you can contact me via yzhan846@ucr.edu.
Completely blocking all these APIs seems unreasonable since they are important for tuning AR/VR games. We can meet to discuss some defense methods for mitigating such leakage vectors.
Expected behavior
You can check our paper for all 5 possible side-channel attacks.
Your setup (please complete the following information)
Target platform (please complete the following information)
Tasks
Tasks
The text was updated successfully, but these errors were encountered: