🤖 AI Summary
This study reveals a novel privacy threat posed by standalone VR headsets: thermal radiation leaking from the device enables remote identification of the running application without physical contact or any software installed on the headset. The work proposes a passive thermal side-channel attack that uses only a commercial long-wave infrared thermal camera and multimodal environmental sensors (measuring temperature, humidity, and airflow) to capture thermal signals and normalize them against ambient noise. This approach circumvents existing hardware and software defenses by exploiting thermal emissions as unique application fingerprints. Experimental results demonstrate that, in indoor settings, the method achieves over 90% accuracy in identifying active applications from just 10 seconds of thermal imaging; in outdoor scenarios, accuracy reaches up to 81%. This is the first demonstration that thermal radiation alone can serve as a reliable indicator for distinguishing VR applications.
📝 Abstract
Standalone virtual reality (VR) headsets process highly sensitive personal, professional, and health-related data, yet their susceptibility to non-contact physical side channels remains largely unexplored. Existing side-channel attacks typically require malicious software execution or physical access to peripherals, making them conspicuous and potentially patchable. This paper introduces ThermalTap, the first passive, non-contact side-channel attack that fingerprints VR applications solely from the long-wave infrared (LWIR) radiation emitted by the headset chassis. By treating a headset's thermal signature as a high-fidelity proxy for internal computational workloads, ThermalTap enables remote application inference at meter-scale distances without any device interaction. To achieve robust performance in real-world settings, the system combines a commodity thermal camera with a multi-modal sensor suite (capturing ambient temperature, humidity, and airflow) to normalize environmental noise. We evaluate ThermalTap using six applications across three commercial standalone headsets. In indoor settings, ThermalTap identifies applications with over 90% accuracy using only 10 seconds of thermal camera data. Under outdoor conditions, with longer session-level observations, several applications remain identifiable despite environmental variability, with the strongest outdoor application reaching 81% accuracy. Our findings establish thermal radiation as a fundamental and unavoidable privacy risk for immersive systems, exposing a critical security gap that bypasses current software-level protections and physical access controls.