AR/VR devices promise a new era of immersive computing, where our everyday experience is augmented with helpful information (Augmented Reality), or where we are immersed in fully virtual worlds (Virtual Reality). These systems fuse the physical world, and the virtual world, through computing resources to provide these immersive experiences rendered on the user’s headset. As a result, it allows new opportunities for attackers to compromise the security and privacy of users that are not well understood. Towards understanding the security and privacy challenges in these systems, this talk presents a number of recent attacks we developed on AR/VR systems. One threat model exploits the shared computing resources used by multiple applications on a headset to extract information through side channels; we show attacks that spy on user activity or compromise privacy. Another threat model exploits the shared state among multiple users in a multi-user application, allowing malicious users to inject compromised information or to recover information they are not allowed to access. Other threat models include those that interfere with applications and cause the virtual model to become out of sync with the physical world, causing user motion sickness or bypassing safety guardrails. I will conclude with discussion of potential defenses and ways to build more security AR/VR experiences. Co-sponsored by: IEEE Montreal Section Speaker(s): Dr. Nael Abu-Ghazaleh Agenda: 20:00 Hours – START of Distinguished Lecture 21:00 Hours – END of Distinguished Lecture 21:00 Hours – Start of Q&A, Discussions, Thoughts, etc ALL times are in EDT/EST format Virtual: https://events.vtools.ieee.org/m/485331