We recently found XRSI, through their now-removed blog site post, claiming to have root access to Oculus Quest 2, a Virtual Reality game platform. New information from a Reddit user question if XRSI gained root access and the truthfulness of their claims. Since we published their claim, we thought it appropriate to also review what the Reddit user found. User “not_xrsi” claimed to have insider knowledge of the issue. They posted how an XRSI researcher may have fooled others into believing he has a rooted Quest 2 device and possibly used a VM to simulate access.
For verification of root access, XRSI made claims to a 3rd party they had root access, but later said they lost access due to an update. For someone who has the capabilities to root a Quest 2, we find this puzzling. It sounds unlikely that you would lose root access unless Oculus knows of the vulnerability. We also find it unlikely they would allow an update on the device before verification of the exploit. Further issues with the XRSI claim came from them saying they installed Windows XP on the Oculus Quest 2. Quest 2 uses an ARM–based instruction set, making it incompatible with programs compiled for x86 instruction set. Since Microsoft never released Windows XP compiled for an ARM–based processor, you can’t install Windows XP on a bare ARM–based system. Meaning, Windows XP won’t run on the Quest 2 outside a Virtual Machine. We don’t see how they could possibly do this.
Based on what “not_xrsi” posted, we suspect XRSI either lied about what they found, or if they worked with another researcher, they didn’t properly research the exploit. Security of the Oculus Quest and Quest 2 comes from the trust we have in those making the devices, Facebook, and security researchers who review the product. If the Reddit user posted the truth, this removes trust from security researchers – something we have worked so hard to gain after years of classifying us as just “hackers.” In a curious coincidence, XRSI blog account tweeted a quote from George Orwell right before they tweeted about gaining root access to the Quest 2. We hope they take his advice.
In a time of universal deceit — telling the truth is a revolutionary act.
—George Orwell pic.twitter.com/P7H6Ef1KNA
— ReadyHackerOne (@ReadyHackerOne) October 25, 2020
Applauding d efforts of tireless security researchers, we hereby confirm the jailbreak of #Quest2, and together with @XRSIdotorg demand d right to repair for #XR devices.
Read our captain’s log by @KavyaPearlman Defending the Right to Repair for #XR https://t.co/ZhQN8HhIAo pic.twitter.com/tK5UtEAcxm
— ReadyHackerOne (@ReadyHackerOne) October 26, 2020
Leave a Reply