Apple Vision Pro gets hacked to fill your room with spiders

Here’s a “fun” turn-up for the books: hacking spatial computing devices to freak a user out. Despite Apple’s image of offering more secure operating systems than its competitors, cybersecurity researcher Ryan Pickren found a flaw in the Apple Vision Pro. This allowed Pickren to flood a user’s room with hundreds of spiders and bats. Without their consent.

I don’t think I need to stress just how terrifying this would be, even for someone who doesn’t have arachnophobia. Hundreds of tiny critters all over your room and beelining for you? I would just throw my headset at the wall.

This exploit was possible through the Safari web browser, according to Pickren. The modern WebXR standard requires user consent via a pop-up before it will work, which makes such a hack impossible through that route. But Pickren found that Apple had forgotten about its older HTML-based Apple ARKit Quick Look.

With Apple ARKit Quick Look, a website doesn’t even need user permission to display virtual objects. So, as Pickren quickly found out during testing, simply viewing a website in the Vision Pro allowed him to execute his devilish little trick.

Video: Hello terrifying Mixed Reality nightmares.

What makes this all even worse is that, because of how Apple ARKit Quick Look works, closing Safari didn’t get rid of the spiders and bats. Users either had to go around the room tapping each individual spider and bat to get rid of them, or simply take off the headset.

It’s worth mentioning that Pickren did not use this exploit to give someone a fright. The vulnerability was reported and Apple has patched it. But it was definitely a good reminder of how old and abandoned software can be used to exploit modern technology.

Our Apple Vision Pro review found the headset to be a modern marvel of engineering. However, Apple still needs to find its footing in the industry before it can win over more people. Little exploits like this, in my opinion, serve as good lessons on how to improve a product.