Augmenting Security and Privacy in the Virtual Realm: An Analysis of Extended Reality Devices

TL;DR

This work addresses security and privacy risks in Extended Reality (XR) devices by conducting a device-centric analysis that combines a comprehensive literature review with an empirical device census and policy review. The authors map on-device properties, attack vectors, and defenses, highlighting both device-centric and VE-specific threats, and propose a set of design considerations and future research directions. Key contributions include a structured taxonomy of attacks and defenses, privacy-policy assessments, and pragmatic recommendations for researchers and practitioners to strengthen XR security, privacy, and user trust. The findings underscore the need for defense-in-depth strategies, cross-device testing, and transparent data practices to sustain safe and privacy-preserving XR experiences across the evolving metaverse landscape.

Abstract

In this work, we present a device-centric analysis of security and privacy attacks and defenses on Extended Reality (XR) devices, highlighting the need for robust and privacy-aware security mechanisms. Based on our analysis, we present future research directions and propose design considerations to help ensure the security and privacy of XR devices.

Figures (4)

• Figure 1: Spectrum of Extended Reality Technologies.
• Figure 2: Security properties of XR devices.
• Figure 3: Security and privacy attacks in the literature.
• Figure 4: List of papers (additional references).