Friday, March 31, 2023
DAPPS CLUB
  • Home
  • Cryptocurrency
  • Bitcoin
  • Ethereum
  • Blockchain
  • Altcoin
  • Litecoin
  • Metaverse
  • NFt
  • Regulations
No Result
View All Result
DAPPS CLUB
No Result
View All Result
Home Metaverse

Hacking the metaverse: Why Meta wants you to find the flaws in its newest headsets

Lincoln Cavenagh by Lincoln Cavenagh
March 12, 2023
in Metaverse
0
Hacking the metaverse: Why Meta wants you to find the flaws in its newest headsets
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter


Close-up of a young, blonde woman wearing a Meta Quest 2 VR headset

Related posts

Organizations have security concerns as they prepare to enter the metaverse – Hypergrid Business

Organizations have security concerns as they prepare to enter the metaverse – Hypergrid Business

March 30, 2023
AI for the little guy – Hypergrid Business

Littlefield celebrates tenth birthday – Hypergrid Business

March 30, 2023

Picture: Meta

When any new expertise emerges, cyber criminals and fraudsters will virtually instantly take a look to see what’s in it for them.

The web, smartphones and the Web of Issues have more and more grow to be a part of how we dwell our lives — and all of those applied sciences are focused by malicious hackers seeking to steal passwords, personal information, bank details, and extra. 

So, as the metaverse and virtual reality emerge as a brand new strategy to live, work and relax on the internet, these platforms can even quickly grow to be the goal for cyber criminals, eager to seek out and exploit vulnerabilities in {hardware} and software program or maybe to make use of the expertise to help their scams. 

Now Fb proprietor Meta, which is ploughing huge sums into its metaverse-building tasks, desires to get forward of the hackers by asking safety researchers to establish vulnerabilities and points in metaverse-related merchandise, corresponding to Meta Quest, Meta Quest Pro and the Meta Quest Touch Pro, with real disclosures rewarded with bug bounty funds that doubtlessly quantity to a whole bunch of 1000’s of {dollars}. 

Facebook has operated a bug bounty program for its web applications since 2011, however regardless of the metaverse being a key pillar of Meta’s business strategy, the corporate continues to be comparatively new to growing {hardware}.  

Additionally: The metaverse is coming and the security threats have already arrived 

Nevertheless, by encouraging cybersecurity consultants from outdoors Meta to hack the metaverse, the corporate’s seeking to enhance the safety of merchandise for everybody.  

“One in every of our priorities is to additional combine the exterior analysis group with us on our journey to safe the metaverse. As a result of this can be a comparatively new house for a lot of, we’re working to make the expertise extra accessible to bug hunters and to assist them submit legitimate studies quicker,” says Neta Oren, safety analyst supervisor and bug bounty lead at Meta. 

A part of the technique behind this work includes getting Meta’s digital actuality headsets on the market in entrance of safety researchers and hackers, attaining this with Meta BountyCon, a safety conferenced targeted round bug bounties that permits hunters to get hands-on with merchandise. 

The newest occasion noticed a give attention to rising threats within the VR house, one thing Oren describes as an intentional transfer in direction of “the aim of creating the whole trade safer”. 

Meta has up to date its bug bounty phrases to spotlight that its newest merchandise, Meta Quest Professional and the Meta Quest Contact Professional controllers, are eligible for the bug bounty program, and has added new payout pointers for VR expertise, together with bugs particular to Meta Quest Professional.

And for many who discover safety vulnerabilities in Meta’s digital actuality and metaverse expertise, there are monetary rewards for bug bounties of probably a whole bunch of 1000’s of {dollars}. 

Amongst different issues, the payout guidelines element how funds for locating cell distant code execution bugs — vulnerabilities that would enable an attacker to execute malware or take management of a tool — might be as much as $300,000, whereas researchers who uncover account takeover vulnerabilities might be rewarded with as much as $130,000. 

The monetary rewards are excessive as a result of Meta desires to encourage {hardware} hackers who might not have regarded on the firm’s digital actuality choices earlier than. 

“We wish to assist researchers prioritise their efforts and give attention to a few of the most impactful areas throughout our platform,” says Oren. 

The bug bounty scheme has already resulted within the disclosure of a number of beforehand undiscovered vulnerabilities.

Additionally: Accidental teleports and virtual high-fives: What I’ve learned about VR meetings

A disclosure submitted at BountyCon discovered a difficulty in Meta Quest’s oAuth circulate — an open commonplace used to grant web sites or purposes entry to consumer’s info on different web sites, which might have led to an attacker gaining management of a consumer’s entry token, and management of their account, with simply two clicks 

“We mounted this subject, and our investigation discovered no proof of abuse and we rewarded this report a complete of $44,250, which displays the affect of the vulnerability,” says Oren. 

One other researcher was awarded $27,200 after discovering a vulnerability that would have allowed an attacker to bypass SMS-based 2FA by exploiting a rate-limiting subject to brute drive the verification pin required to substantiate somebody’s telephone quantity. The vulnerability was additionally mounted after disclosure. 

These vulnerabilities may not have been uncovered — at the very least not as rapidly — with out the bug bounty scheme, which is why, for Meta, it is necessary to proceed to broaden it. 

“We welcome any contribution from the exterior group to get as many eyes on the code as doable, persevering with to check our merchandise, and make them safer,” says Oren. 

The bug bounty program for the metaverse follows within the footsteps of Meta’s different bug bounty schemes, a few of which have been working for a decade — and the corporate additionally has a spread of knowledge safety groups to assist make sure that the metaverse and Meta’s different platforms are as safe in opposition to cyber threats as doable. 

They embrace safety opinions of merchandise, a threat-modelling crew, a red team running penetration tests against the company, and extra, which is all along with the bug bounty program. All of this effort matches collectively for Meta to make sure that any product launched is as safe in opposition to as many threats as doable. 

“These are all issues we have realized over time that we apply after we construct new merchandise, so the brand new merchandise have already got all these embedded into them,” says Oren. 

Additionally: Cybersecurity: These are the new things to worry about in 2023

After new vulnerabilities, that are disclosed as a part of the bug bounty scheme, have been investigated and mitigated, safety updates are rolled out to the merchandise. To make sure that the safety updates that repair vulnerabilities are utilized, Meta’s VR merchandise mechanically examine for updates at launch after which apply them. 

“We’re sharing these bugs publicly to ensure everybody within the trade can be taught from us. It is common that when one huge firm publishes a majority of these issues, different corporations will look internally for one thing comparable,” Oren explains. 

And since outdoors researchers aren’t restricted to Meta merchandise, in the event that they discover one thing in Meta Quest Professional or one other Meta machine, they’re additionally doubtless to take a look at comparable merchandise constructed by others. 

“We all know that our researchers do not solely hunt on Meta. So, in the event that they discover a bug with us, they could then go and search for it in our rivals and they’ll report it to them as properly,” says Oren. 

“That is why we expect schooling is so necessary as a result of the researchers, no matter they be taught with us, they will implement for different corporations whereas they hunt,” she says. 

MORE ON CYBERSECURITY



Source link

Tags: findflawsHackingheadsetsMetametaversenewest
Previous Post

Judges Will Likely Rule in Favor of Grayscale in Bitcoin Spot ETF Battle With SEC, Says Bloomberg Expert – Here’s Why

Next Post

HedgeUp (HDUP) ICO tipped to reach Record Highs ahead of Litecoin (LTC) and Elons Dogecoin (DOGE)

Next Post
HedgeUp (HDUP) ICO tipped to reach Record Highs ahead of Litecoin (LTC) and Elons Dogecoin (DOGE)

HedgeUp (HDUP) ICO tipped to reach Record Highs ahead of Litecoin (LTC) and Elons Dogecoin (DOGE)

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

RECOMMENDED NEWS

Ethereum Layer-2 Solution Scroll Secures $50 Million in Fresh Funding

Ethereum Layer-2 Solution Scroll Secures $50 Million in Fresh Funding

3 weeks ago
BAYC Owner Yuga Hosts Second Otherside Metaverse Experience

BAYC Owner Yuga Hosts Second Otherside Metaverse Experience

21 hours ago
Bitcoin [BTC] strikes careful balance with the ascent of these two metrics

Bitcoin [BTC] strikes careful balance with the ascent of these two metrics

2 weeks ago
Unlock The Full Potential Of Your Binance Account

Unlock The Full Potential Of Your Binance Account

2 weeks ago

FOLLOW US

BROWSE BY CATEGORIES

  • Altcoin
  • Artificial Intelligence
  • Bitcoin
  • Blockchain
  • Business
  • Cryptocurrencies
  • Cryptocurrency
  • Culture
  • Education
  • Ethereum
  • Featured
  • Litecoin
  • Metaverse
  • News
  • NFt
  • Regulations

BROWSE BY TOPICS

Ahead Bank Big Binance Bitcoin Blockchain Blog BTC Business CFTC Chain coin Coinbase Crypto Cryptocurrency Data Digital DOGEcoin ETH Ethereum Fed Financial Foundation global Heres Hypergrid IBM Investors Launch Litecoin LTC Market metaverse Network NFT NFTs Potential Price regulatory SEC Shanghai Solana Supply Top Upgrade

POPULAR NEWS

  • YOM brings Metaverse Mining to the Masses with MEXC Listing

    YOM brings Metaverse Mining to the Masses with MEXC Listing

    0 shares
    Share 0 Tweet 0
  • Rise of AI-Powered Cheating: Challenges and Solutions for Educators

    0 shares
    Share 0 Tweet 0
  • Chatbot Rejects Erotic Roleplay, Users Directed to Suicide Hotline Instead

    0 shares
    Share 0 Tweet 0
  • ChatGPT is Being Used to Make ‘Quality Scams’

    0 shares
    Share 0 Tweet 0
  • Congressman Says TikTok Ban Won’t Ensure Americans’ Data Safety

    0 shares
    Share 0 Tweet 0

Recent News

Latin American E-Commerce Giant Mercado Libre Enables Crypto Trading in Chile

Latin American E-Commerce Giant Mercado Libre Enables Crypto Trading in Chile

March 30, 2023
5 Interesting Things To Know About Litecoin – @mashable 1. Litecoin Was the Fairest … – Latest Tweet by Litecoin

$LTC Wakes Up Feeling Like a Commodity! #AriseChikun #thursdayvibes #Litecoin – Latest Tweet by Litecoin

March 30, 2023

Categories

  • Altcoin
  • Artificial Intelligence
  • Bitcoin
  • Blockchain
  • Business
  • Cryptocurrencies
  • Cryptocurrency
  • Culture
  • Education
  • Ethereum
  • Featured
  • Litecoin
  • Metaverse
  • News
  • NFt
  • Regulations

Follow Us

Follow us on social media:

Recommended

  • Latin American E-Commerce Giant Mercado Libre Enables Crypto Trading in Chile
  • $LTC Wakes Up Feeling Like a Commodity! #AriseChikun #thursdayvibes #Litecoin – Latest Tweet by Litecoin
  • Biden calls to revive tighter bank regulations that Trump weakened
  • Dogecoin Whale Abruptly Moves 350,000,000 DOGE in Multiple Transactions– Here’s Where the Crypto’s Headed
  • Bitcoin [BTC] attempts another resistance breakout: Will it crack $30,000

© 2023 Dapps Club | All Rights Reserved

No Result
View All Result
  • Home
  • Cryptocurrency
  • Bitcoin
  • Ethereum
  • Blockchain
  • Altcoin
  • Litecoin
  • Metaverse
  • NFt
  • Regulations

© 2023 Dapps Club | All Rights Reserved