This study addresses novel human-factor security risks in remote collaborative mixed reality (MR) gaming—risks arising from MR’s immersive, spatially anchored interaction paradigm. Method: We systematically identify and classify four MR-specific attack vectors: latency-induced manipulation, click redirection, object occlusion, and spatial occlusion. Using a HoloLens 2–based experimental platform, we conduct a user study with behavioral analysis to assess detection performance and cognitive awareness. Contribution/Results: Results reveal significantly lower detection rates for spatial occlusion and other immersive attacks compared to conventional cyberattacks—exposing a critical human-factor security blind spot. This work provides the first empirical evidence of mechanistic causes underlying weak security awareness in remote MR collaboration. Based on these findings, we propose a novel security training paradigm tailored to immersive interaction and lightweight, context-aware defense mechanisms. Our results deliver the first empirically grounded framework and actionable design guidelines for building trustworthy MR collaboration systems.

Mixed Reality (MR) devices are being increasingly adopted across a wide range of real-world applications, ranging from education and healthcare to remote work and entertainment. However, the unique immersive features of MR devices, such as 3D spatial interactions and the encapsulation of virtual objects by invisible elements, introduce new vulnerabilities leading to interaction obstruction and misdirection. We implemented latency, click redirection, object occlusion, and spatial occlusion attacks within a remote collaborative MR platform using the Microsoft HoloLens 2 and evaluated user behavior and mitigations through a user study. We compared responses to MR-specific attacks, which exploit the unique characteristics of remote collaborative immersive environments, and traditional security attacks implemented in MR. Our findings indicate that users generally exhibit lower recognition rates for immersive attacks (e.g., spatial occlusion) compared to attacks inspired by traditional ones (e.g., click redirection). Our results demonstrate a clear gap in user awareness and responses when collaborating remotely in MR environments. Our findings emphasize the importance of training users to recognize potential threats and enhanced security measures to maintain trust in remote collaborative MR systems.