When VR is Not Just for Gaming: Unmasking GPU Resource Misuse on VR Headset
摘要
Security issues related to hardware resource misusage have been a major challenge for the graphics processing unit (GPU) on smart devices. Recent research mainly focuses on hijacking the GPU resources on smartphones or personal computers. However, unethical developers can also target Virtual Reality (VR) headsets with sufficient GPU resources for graphic rendering. We present two proof-of-concept attacks targeting GPU computing resources for cryptomining and machine learning model training by standalone VR and WebXR applications. The evaluation shows that the cryptomining scripts injected into the standalone VR application can nearly fully exploit GPU resources, with utilization reaching up to 97.57%. Additionally, these scripts can negatively impact user experience when the frame rate falls below 72 FPS. The machine learning model training scripts used by the WebXR application can utilize GPU resources by over 67%, which is 11% more than the baseline, and it does not influence the overall user experience.