De-Anonymizing Avatars in Virtual Reality: Attacks and Countermeasures
Abstract: By providing users with an immersive visual and acoustic experience, virtual reality (VR) serves as a foundational technique for the emerging metaverse. One of the most promising aspects of VR is its ability to protect users’ identities by transforming their physical appearances into avatars with arbitrary appearances in the virtual world. However, the increasing threat of de-anonymization attacks that seek to reveal users’ identities poses significant privacy risks. We propose AvatarHunter, a non-intrusive and user-unaware de-anonymization attack leveraging victims’ inherent movement signatures. AvatarHunter discreetly collects the avatar's gait information by recording videos in the VR scenario without requiring any permissions. Notably, we designed a Unity-based feature extractor that maintains the avatar's movement signature while enabling AvatarHunter to be resistant to changes in the avatar's appearance. We conduct real-world experiments on VRChat to evaluate AvatarHunter's effectiveness. The results demonstrate that in commercial settings, AvatarHunter achieves attack success rates (ASR) of 92.1% and 66.9% in closed-world and open-world avatar scenarios, respectively, significantly surpassing existing benchmarks. Additionally, simulations using an open-source dataset confirm that AvatarHunter can attain over 78% ASR in full-body tracking scenarios. Finally, we discuss several countermeasures and implement an obfuscation mechanism during the avatar rendering phase, significantly reducing the ASR.
Loading