• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Researchers May Already have Compromised The Quest 2 VR

November 3, 2020 By Trevor Collins

(update 12/11/20:  XRSI may not have rooted the Quest 2, see XRSI May Have Lie About Gaining Root Access The Quest 2)

XRSI may have found a way around the new Oculus Quest 2 Facebook login. Technical users will sometimes root a device to gain complete control over the device. This option for users commonly occurs with most of the popular phones and tablets available so usually, it doesn’t mean much. We do find a reason to root this device The Quest2 VR, owned by Facebook, requires a Facebook account to use the device and will remove your data off the device if you delete your Facebook account. Quest 2 users must create a Facebook account to use their own device, which the first version of Quest didn’t require but now does. You can see why this makes rooting the device a popular target. 

Facebook’s decision to block access to the Quest 2 VR without a Facebook account may come back to bite them. Game consoles in the past that restrict user access tend to become compromised first, likely due to the restriction causing more interest from researchers. In the case of the Quest 2, if someone found a way to gain complete control of their device, they could use it without having to log in to Facebook and share their private information. 

According to XRSI, one of their researchers found a way to root the Oculus Quest 2. Now before you go out and buy it, the steps to root it haven’t been released. Also, even if they do release it, Facebook could update the device removing you from root access and disabling the exploit that makes it possible.  

XRSI on their blogging site readyhackerone.com said they had concerns over “how to proceed without clear policies around the right to repair.” I don’t see Facebook backing down from forcing users to log in to Facebook to use their Quest2. For now, I won’t get the Quest2 even though I like the first Quest VR.

Share This:

Related

Filed Under: Uncategorized Tagged With: Facebook, surveillance, Vulernability

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Cybersecurity’s Toll on Mental Health
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Here Come The Regulations

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Cybersecurity’s Toll on Mental Health
  • Successfully Prosecuting a Russian Hacker
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use