This study identifies, for the first time, electromagnetic (EM) radiation from VR headsets as a side-channel security vulnerability: non-stationary EM emissions—generated during operation of built-in sensors (e.g., cameras, microphones)—can be remotely captured and exploited for contactless application identification and user behavior inference. To address this, we propose the first systematic characterization method for EM leakage features specific to VR devices, coupled with a lightweight time-frequency analysis and multi-task learning framework enabling cross-device, zero-prior, fine-grained perception. Our approach integrates short-time Fourier transform (STFT), near-field probes, and software-defined radio (SDR) acquisition, and employs a CNN-LSTM hybrid model to capture spatiotemporal EM dynamics. Evaluated on mainstream commercial VR headsets, it achieves 98.2% app identification accuracy and 91.7% interaction action recognition accuracy, with an effective eavesdropping range up to 35 cm—establishing a novel paradigm for VR security assessment.

Virtual reality (VR) has recently proliferated significantly, consisting of headsets or head-mounted displays (HMDs) and hand controllers for an embodied and immersive experience. The VR device is usually embedded with different kinds of IoT sensors, such as cameras, microphones, communication sensors, etc. However, VR security has not been scrutinized from a physical hardware point of view, especially electromagnetic emanations (EM) that are automatically and unintentionally emitted from the VR headset. This paper presents VReaves, a system that can eavesdrop on the electromagnetic emanation side channel of a VR headset for VR app identification and activity recognition. To do so, we first characterize the electromagnetic emanations from the embedded IoT sensors (e.g., cameras and microphones) in the VR headset through a signal processing pipeline and further propose machine learning models to identify the VR app and recognize the VR app activities. Our experimental evaluation with commercial off-the-shelf VR devices demonstrates the efficiency of VR app identification and activity recognition via electromagnetic emanation side channel.