Discerning User Activity in Extended Reality Through Side-Channel Accelerometer Observations

Extended reality technologies such as virtual reality are becoming increasingly common for enterprise applications. They have the potential to create secure multi-user environment in previously less-secure spaces, without the need for privacy filters or secure rooms. In this pilot paper we explore how malicious actors may be able to eavesdrop on a virtual reality session, by tracking the physical movements of a user. This is carried out using a third-party accelerometer, attached to the user. Through initial experimentation, we observe that specific actions and session types can be identified through visual analysis of the accelerometer. We posit there is substantial potential for sophisticated and automatic classification of user activity in VR. We discuss how this may enable eavesdropping by malicious actors, or could serve as a mechanism for improved security.