AcouListener: An Inaudible Acoustic Side-Channel Attack on AR/VR Systems

Fengliang He; Hong-Ning Dai; Hanyang Guo; Xiapu Luo; Jiadi Yu

doi:10.1007/978-3-032-07894-0_9

AcouListener: An Inaudible Acoustic Side-Channel Attack on AR/VR Systems

Fengliang He
, Hong-Ning Dai^*
, Hanyang Guo
, Xiapu Luo
, Jiadi Yu

^*Corresponding author for this work

Department of Computer Science

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

Abstract

Although augmented reality (AR) and virtual reality (VR) systems have garnered extensive attention from both industry and academia, their built-in sensors continuously collect sensitive user data, making them potential targets for malicious attacks. To assess the threat of inaudible acoustic channels in AR/VR, we propose AcouListener, a novel side-channel attack that uses inaudible acoustic signals emitted and received by off-the-shelf VR headsets or mobile phones. Variations in the acoustic channel caused by hand movements allow attackers to reconstruct user input (e.g., passwords). AcouListener is implemented as a camouflaged mobile app that runs on AR/VR or mobile platforms. We evaluate it across three common VR attack scenarios: (1) inferring victims’ unlocking patterns, (2) handwriting patterns and (3) typing words and passwords on virtual keyboards. AcouListener achieves an average F1-score of 84%, 95% and 80%, respectively. Furthermore, we present countermeasures against this inaudible acoustic attack.

Original language	English
Title of host publication	Computer Security – ESORICS 2025
Subtitle of host publication	30th European Symposium on Research in Computer Security, Toulouse, France, September 22–24, 2025, Proceedings, Part III
Editors	Vincent Nicomette, Abdelmalek Benzekri, Nora Boulahia-Cuppens, Jaideep Vaidya
Place of Publication	Cham
Publisher	Springer Cham
Pages	164-183
Number of pages	20
Volume	3
Edition	1st
ISBN (Electronic)	9783032078940
ISBN (Print)	9783032078933
DOIs	https://doi.org/10.1007/978-3-032-07894-0_9
Publication status	Published - 17 Oct 2025
Event	30th European Symposium on Research in Computer Security - Toulouse University, Toulouse, France Duration: 22 Sept 2025 → 24 Sept 2025 https://link.springer.com/book/10.1007/978-3-032-07884-1 (Conference proceeding) https://esorics2025.sciencesconf.org/ (Conference website) https://esorics2025.sciencesconf.org/data/detailed_program.pdf (Conference program)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	16055
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Name	European Symposium on Research in Computer Security
Publisher	Springer

Conference

Conference	30th European Symposium on Research in Computer Security
Abbreviated title	ESORICS 2025
Country/Territory	France
City	Toulouse
Period	22/09/25 → 24/09/25
Internet address	https://link.springer.com/book/10.1007/978-3-032-07884-1 (Conference proceeding) https://esorics2025.sciencesconf.org/ (Conference website) https://esorics2025.sciencesconf.org/data/detailed_program.pdf (Conference program)

User-Defined Keywords

Augmented Reality
Side-channel Attacks
Virtual Reality

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1007/978-3-032-07894-0_9

Cite this

He, F., Dai, H.-N., Guo, H., Luo, X., & Yu, J. (2025). AcouListener: An Inaudible Acoustic Side-Channel Attack on AR/VR Systems. In V. Nicomette, A. Benzekri, N. Boulahia-Cuppens, & J. Vaidya (Eds.), Computer Security – ESORICS 2025: 30th European Symposium on Research in Computer Security, Toulouse, France, September 22–24, 2025, Proceedings, Part III (1st ed., Vol. 3, pp. 164-183). (Lecture Notes in Computer Science; Vol. 16055), (European Symposium on Research in Computer Security). Springer Cham. https://doi.org/10.1007/978-3-032-07894-0_9

He, Fengliang ; Dai, Hong-Ning ; Guo, Hanyang et al. / AcouListener : An Inaudible Acoustic Side-Channel Attack on AR/VR Systems. Computer Security – ESORICS 2025: 30th European Symposium on Research in Computer Security, Toulouse, France, September 22–24, 2025, Proceedings, Part III. editor / Vincent Nicomette ; Abdelmalek Benzekri ; Nora Boulahia-Cuppens ; Jaideep Vaidya. Vol. 3 1st. ed. Cham : Springer Cham, 2025. pp. 164-183 (Lecture Notes in Computer Science). (European Symposium on Research in Computer Security).

@inproceedings{0ea0c026953c4adaa0655507ea911d12,

title = "AcouListener: An Inaudible Acoustic Side-Channel Attack on AR/VR Systems",

abstract = "Although augmented reality (AR) and virtual reality (VR) systems have garnered extensive attention from both industry and academia, their built-in sensors continuously collect sensitive user data, making them potential targets for malicious attacks. To assess the threat of inaudible acoustic channels in AR/VR, we propose AcouListener, a novel side-channel attack that uses inaudible acoustic signals emitted and received by off-the-shelf VR headsets or mobile phones. Variations in the acoustic channel caused by hand movements allow attackers to reconstruct user input (e.g., passwords). AcouListener is implemented as a camouflaged mobile app that runs on AR/VR or mobile platforms. We evaluate it across three common VR attack scenarios: (1) inferring victims{\textquoteright} unlocking patterns, (2) handwriting patterns and (3) typing words and passwords on virtual keyboards. AcouListener achieves an average F1-score of 84\%, 95\% and 80\%, respectively. Furthermore, we present countermeasures against this inaudible acoustic attack.",

keywords = "Augmented Reality, Side-channel Attacks, Virtual Reality",

author = "Fengliang He and Hong-Ning Dai and Hanyang Guo and Xiapu Luo and Jiadi Yu",

note = "This work is partially supported by HKBU (with no. RC-SFCRG/23-24/R2/SCI/06) and NSFC (with no. 62172277). Publisher Copyright: {\textcopyright} 2026 The Author(s), under exclusive license to Springer Nature Switzerland AG; 30th European Symposium on Research in Computer Security, ESORICS 2025 ; Conference date: 22-09-2025 Through 24-09-2025",

year = "2025",

month = oct,

day = "17",

doi = "10.1007/978-3-032-07894-0\_9",

language = "English",

isbn = "9783032078933",

volume = "3",

series = "Lecture Notes in Computer Science",

publisher = "Springer Cham",

pages = "164--183",

editor = "Vincent Nicomette and Abdelmalek Benzekri and Nora Boulahia-Cuppens and Jaideep Vaidya",

booktitle = "Computer Security – ESORICS 2025",

edition = "1st",

url = "https://link.springer.com/book/10.1007/978-3-032-07884-1, https://esorics2025.sciencesconf.org/, https://esorics2025.sciencesconf.org/data/detailed\_program.pdf",

}

He, F, Dai, H-N, Guo, H, Luo, X & Yu, J 2025, AcouListener: An Inaudible Acoustic Side-Channel Attack on AR/VR Systems. in V Nicomette, A Benzekri, N Boulahia-Cuppens & J Vaidya (eds), Computer Security – ESORICS 2025: 30th European Symposium on Research in Computer Security, Toulouse, France, September 22–24, 2025, Proceedings, Part III. 1st edn, vol. 3, Lecture Notes in Computer Science, vol. 16055, European Symposium on Research in Computer Security, Springer Cham, Cham, pp. 164-183, 30th European Symposium on Research in Computer Security, Toulouse, France, 22/09/25. https://doi.org/10.1007/978-3-032-07894-0_9

AcouListener: An Inaudible Acoustic Side-Channel Attack on AR/VR Systems. / He, Fengliang; Dai, Hong-Ning; Guo, Hanyang et al.
Computer Security – ESORICS 2025: 30th European Symposium on Research in Computer Security, Toulouse, France, September 22–24, 2025, Proceedings, Part III. ed. / Vincent Nicomette; Abdelmalek Benzekri; Nora Boulahia-Cuppens; Jaideep Vaidya. Vol. 3 1st. ed. Cham: Springer Cham, 2025. p. 164-183 (Lecture Notes in Computer Science; Vol. 16055), (European Symposium on Research in Computer Security).

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

TY - GEN

T1 - AcouListener

T2 - 30th European Symposium on Research in Computer Security

AU - He, Fengliang

AU - Dai, Hong-Ning

AU - Guo, Hanyang

AU - Luo, Xiapu

AU - Yu, Jiadi

N1 - This work is partially supported by HKBU (with no. RC-SFCRG/23-24/R2/SCI/06) and NSFC (with no. 62172277). Publisher Copyright: © 2026 The Author(s), under exclusive license to Springer Nature Switzerland AG

PY - 2025/10/17

Y1 - 2025/10/17

N2 - Although augmented reality (AR) and virtual reality (VR) systems have garnered extensive attention from both industry and academia, their built-in sensors continuously collect sensitive user data, making them potential targets for malicious attacks. To assess the threat of inaudible acoustic channels in AR/VR, we propose AcouListener, a novel side-channel attack that uses inaudible acoustic signals emitted and received by off-the-shelf VR headsets or mobile phones. Variations in the acoustic channel caused by hand movements allow attackers to reconstruct user input (e.g., passwords). AcouListener is implemented as a camouflaged mobile app that runs on AR/VR or mobile platforms. We evaluate it across three common VR attack scenarios: (1) inferring victims’ unlocking patterns, (2) handwriting patterns and (3) typing words and passwords on virtual keyboards. AcouListener achieves an average F1-score of 84%, 95% and 80%, respectively. Furthermore, we present countermeasures against this inaudible acoustic attack.

AB - Although augmented reality (AR) and virtual reality (VR) systems have garnered extensive attention from both industry and academia, their built-in sensors continuously collect sensitive user data, making them potential targets for malicious attacks. To assess the threat of inaudible acoustic channels in AR/VR, we propose AcouListener, a novel side-channel attack that uses inaudible acoustic signals emitted and received by off-the-shelf VR headsets or mobile phones. Variations in the acoustic channel caused by hand movements allow attackers to reconstruct user input (e.g., passwords). AcouListener is implemented as a camouflaged mobile app that runs on AR/VR or mobile platforms. We evaluate it across three common VR attack scenarios: (1) inferring victims’ unlocking patterns, (2) handwriting patterns and (3) typing words and passwords on virtual keyboards. AcouListener achieves an average F1-score of 84%, 95% and 80%, respectively. Furthermore, we present countermeasures against this inaudible acoustic attack.

KW - Augmented Reality

KW - Side-channel Attacks

KW - Virtual Reality

UR - https://www.scopus.com/pages/publications/105020689236

U2 - 10.1007/978-3-032-07894-0_9

DO - 10.1007/978-3-032-07894-0_9

M3 - Conference proceeding

SN - 9783032078933

VL - 3

T3 - Lecture Notes in Computer Science

SP - 164

EP - 183

BT - Computer Security – ESORICS 2025

A2 - Nicomette, Vincent

A2 - Benzekri, Abdelmalek

A2 - Boulahia-Cuppens, Nora

A2 - Vaidya, Jaideep

PB - Springer Cham

CY - Cham

Y2 - 22 September 2025 through 24 September 2025

ER -

He F, Dai HN, Guo H, Luo X, Yu J. AcouListener: An Inaudible Acoustic Side-Channel Attack on AR/VR Systems. In Nicomette V, Benzekri A, Boulahia-Cuppens N, Vaidya J, editors, Computer Security – ESORICS 2025: 30th European Symposium on Research in Computer Security, Toulouse, France, September 22–24, 2025, Proceedings, Part III. 1st ed. Vol. 3. Cham: Springer Cham. 2025. p. 164-183. (Lecture Notes in Computer Science). (European Symposium on Research in Computer Security). doi: 10.1007/978-3-032-07894-0_9

AcouListener: An Inaudible Acoustic Side-Channel Attack on AR/VR Systems

Abstract

Publication series

Conference

User-Defined Keywords

UN SDGs

Access to Document

Other files and links

Fingerprint

Cite this