Man in the Room?

17. June 2019
We’ve learned how to protect our virtual accounts as well as computers in various ways and companies use sophisticated solutions to protect their data. Yet new threats keep emerging in the virtual space. One of them has been discovered by Czech student Martin Vondráček in cooperation with his American colleagues.
Man in the Room?

Martin Vondráček, a student of the Faculty of Information Technology at Brno University of Technology, had already dealt with online security in his bachelor thesis in which he developed a tool to improve the security of home Wi-Fi networks by automatically detecting their weak spots. During his master’s studies, he took an opportunity to study at the University of New Haven in Connecticut, USA, and made the most of it.

Imperfections of modern technologies

During his three-month stay in the team of Ibrahim Baggili, he dealt with the security of virtual reality and Bigscreen. This app is used to protect the security of meetings that range from a virtual campfire to business negotiations in a non-existent conference room containing 500 thousand people all over the world: “For a long time, Dr. Baggili’s team has been focusing on new, popular apps used by a great number of people, and it’s investigated the security of the WhatsApp service as well. Recently, they’ve noticed that virtual reality apps have been growing in popularity, as their users spend up to several hours a day there,” says Vondráček on the work of his manager.

Virtual reality looks like something new and pretty cool, but the truth is that it’s still a type of computer software and looking for defects in its security is very similar to other computer programs. Some weak spots we’ve discovered aren’t unique to virtual reality but have been emerging in other programs for several years now,” explains Vondráček.

According to Vondráček, the virtual reality market is currently so competitive that some companies are launching insufficiently tested apps. They succeed in being the first to market with a new feature, but it may pose a major security risk. Also, the users don’t have many ways to protect themselves against potential attacks.

Who’s the Man in the Room?

Originally, Dr. Baggili’s team only wanted to investigate what attackers can find out about private communication in virtual reality. During their work, however, researchers managed to get into closed rooms in Bigscreen without being noticed. Potential attackers thus could listen in on other users and even access the computer on which the app was running.

The researchers then coined a new term for a brand new type of threat – Man-In-The-Room. Together with his colleagues, Vondráček has been finalizing an article on this topic and considers continuing with the research in New Haven during his PhD studies.

The hardest part was to conceive that such an attack would be possible. Doctor Baggili started to wonder whether it was possible to disrupt the virtual space. We were inspired by the Man-in-the-Middle attack when two participants in a conversation think they are communicating directly while there is a third party between them who could influence the conversation,” Vondráček describes the idea the head of the team came up with. It took Vondráček three months to find out how to implement the idea and attack successfully.

The researchers have modified the weak spots of the app, but this surely isn’t the only app suffering from such imperfections, so the team encourages anyone using such technology to remain vigilant!

Read more about the topic

Speech technology: the great helper from Brno region
28. March 2024
Speech technology: the great helper from Brno region
Brno is known for its strong IT community that pushes the boundaries of technological progress. Speech technologies have also long had their firm and well-deserved place here.
Brno region has emerged as one of the leading European innovation hubs
20. March 2024
Brno region has emerged as one of the leading European innovation hubs
The Brno region, The South Moravian Region (SMR) (Czech Republic, European Union) has emerged as one of the leading European innovation hubs, with its Regional Innovation Index (RII) jumping from 87.3 to 101% of EU average between 2016 and 2023, an improvement of 22.3%. A global leader in electron microscopy, with one-third of the world's electron microscopes coming from Brno, Brno region excels also in the semiconductor, space, cybersecurity, and game development sectors. Leading the Czech Republic in knowledge intensity and high-tech employment, Brno region matches Europe's top regions. Brno's high quality of life and ranking as a leading student city highlight its role as a center of innovation and growth. It stems from the data report on research, innovation, and business in South Moravia, published by the innovation agency JIC.