The highly anticipated release of the Apple Vision Pro mixed reality headset took a startling turn. Barely one day after its release on February 2nd, 2024, Joseph Ravichandran, a PhD student at the Massachusetts Institute of Technology, announced that he had hacked the device.
Below, you’ll learn more about the security exploit, Apple’s response, and what it means for Ravichandran and the device users.
The Apple Vision Pro
Basically, the Apple Vision Pro is a computer goggle that is worn on the face. However, its use is what sets it apart. Whereas the traditional display style is to show output on a screen, the Vision Pro projects it directly into your eyes.
To achieve this, the gadget makes use of two small but high-resolution displays that are positioned at a small distance away from the user’s eyes.
The Devices Use a Special Control
One outstanding aspect of the Vision Pro is the kind of control it uses. Rather than the usual keyboard, mouse, and touch screen, the device uses a technology that receives commands by tracking the movement and gestures of the user’s eyes.
What this means is that the computer watches both your eyes and your hands to know what action you desire it to take.
Apple described it as a “Spatial Computer”
Amongst its exciting features, one that stands out (and which Apple didn’t fail to emphasize) is its display background. The device uses a background picture of a physical space around you as the canvas for its displays.
So, this means that the perceived viewing area is unlimited. This ability was what prompted the technology giant to term the device “the spatial computer.”
How Did the Hack Come About?
Typically, following the launch of such a high-profile device, a green light is set off in the tech community. For a number of reasons, hackers, security experts, and researchers begin to race against one another to discover a weakness in the system.
Joseph, a researcher at MIT, was one of the participants in this “gold rush.” He was the first to discover a vulnerability and, amazingly, he did so in just a few hours.
“The World’s First Kernel Exploit”
Joseph had the pleasure of breaking the news of his achievement using his X account. He posted multiple photos of his success with the caption “The world’s first(?) kernel exploit for Vision Pro on launch day!”
The MIT student made the post on February 3rd, and graciously inserted a question mark in his claim, just in case someone else had beaten him to it.
Kernel Exploit Explained
Just in case you’ve been wondering what the term means, “Kernel Exploit” or “Kernel Vulnerability” refers to a weakness or weak spot in the kernel, the core of the operating system, which here means the Apple Vision Pro software.
This weak link, when exploited, can crash the headset. Consequently, the headset will only show what’s in front of you instead of the normal display of digital images. This abnormal display is a symptom of what’s called a “full passthrough view.”
What Next?
The photos Joseph posted on X showed the gadget’s response to the new situation. After switching to the full passthrough view, the Vision Pro advised him to remove the headset in the next 30 seconds before it restarted. Apparently, the restart was to allow the software to rectify the situation.
The second photo he posted showed the technology’s response after the restart — a panic log that confirmed the crash.
What Does the Hack Mean for Vision Pro Users?
Unfortunately, the kernel exploit could have some not-so-palatable implications for Vision Pro users. But that’s if Apple fails to do its job.
If this compromise persists, hackers could take advantage of it to gain deep access into the device’s software and plant malicious software (also called malware) to steal users’ data, possibly also leading to financial losses for victims. But given Apple’s reputation for safety and information privacy, this isn’t likely to happen.
What Are the Implications for Joseph Ravichandran?
Of course, Apple will be grateful for the efforts of Joseph, which have led them to a major security challenge for their new product. Now, the company will focus on repairing the breach.
But there could be something in it for Joseph. In addition to the fame he has earned, the Microarchitectural Security student could be eligible for some financial reward via the Apple Security Bounty Program.
What is Apple’s Response?
Just after photos of the hack surfaced on the internet, we noticed that Apple updated their Vision Pro user guide. In addition to the original content, the tech giant warned against jailbreaking the headset as it could cause the gadget to become “permanently inoperable” for the user.
The user guide also stated that “Unauthorized modifications to Vision OS bypass security features and can cause numerous issues such as security vulnerabilities, instability, and shortened battery life to the hacked Apple Vision Pro.”
What’s the Future of the Vision Pro?
Obviously, the Vision Pro, just like many novel tech introductions, is still very much a work in progress. Besides addressing the device’s security, Apple also recognizes that acceptance may be pretty slow at the initial stages.
In fact, indications already show that many users aren’t satisfied with the device. But Apple is known to weather storms such as this. Joseph’s discovery has taken the company a step closer to perfecting the mixed reality gadget.