Saved in:
Bibliographic Details
Main Authors: Bi, Ting, Ye, Chenghang, Yang, Zheyu, Zhou, Ziyi, Tang, Cui, Zhang, Jun, Tao, Zui, Wang, Kailong, Zhou, Liting, Yang, Yang, Yu, Tianlong
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.13209
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916695656890368
author Bi, Ting
Ye, Chenghang
Yang, Zheyu
Zhou, Ziyi
Tang, Cui
Zhang, Jun
Tao, Zui
Wang, Kailong
Zhou, Liting
Yang, Yang
Yu, Tianlong
author_facet Bi, Ting
Ye, Chenghang
Yang, Zheyu
Zhou, Ziyi
Tang, Cui
Zhang, Jun
Tao, Zui
Wang, Kailong
Zhou, Liting
Yang, Yang
Yu, Tianlong
contents Augmented Reality (AR) and Multimodal Large Language Models (LLMs) are rapidly evolving, providing unprecedented capabilities for human-computer interaction. However, their integration introduces a new attack surface for social engineering. In this paper, we systematically investigate the feasibility of orchestrating AR-driven Social Engineering attacks using Multimodal LLM for the first time, via our proposed SEAR framework, which operates through three key phases: (1) AR-based social context synthesis, which fuses Multimodal inputs (visual, auditory and environmental cues); (2) role-based Multimodal RAG (Retrieval-Augmented Generation), which dynamically retrieves and integrates contextual data while preserving character differentiation; and (3) ReInteract social engineering agents, which execute adaptive multiphase attack strategies through inference interaction loops. To verify SEAR, we conducted an IRB-approved study with 60 participants in three experimental configurations (unassisted, AR+LLM, and full SEAR pipeline) compiling a new dataset of 180 annotated conversations in simulated social scenarios. Our results show that SEAR is highly effective at eliciting high-risk behaviors (e.g., 93.3% of participants susceptible to email phishing). The framework was particularly effective in building trust, with 85% of targets willing to accept an attacker's call after an interaction. Also, we identified notable limitations such as ``occasionally artificial'' due to perceived authenticity gaps. This work provides proof-of-concept for AR-LLM driven social engineering attacks and insights for developing defensive countermeasures against next-generation augmented reality threats.
format Preprint
id arxiv_https___arxiv_org_abs_2504_13209
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle On the Feasibility of Using MultiModal LLMs to Execute AR Social Engineering Attacks
Bi, Ting
Ye, Chenghang
Yang, Zheyu
Zhou, Ziyi
Tang, Cui
Zhang, Jun
Tao, Zui
Wang, Kailong
Zhou, Liting
Yang, Yang
Yu, Tianlong
Cryptography and Security
Artificial Intelligence
Augmented Reality (AR) and Multimodal Large Language Models (LLMs) are rapidly evolving, providing unprecedented capabilities for human-computer interaction. However, their integration introduces a new attack surface for social engineering. In this paper, we systematically investigate the feasibility of orchestrating AR-driven Social Engineering attacks using Multimodal LLM for the first time, via our proposed SEAR framework, which operates through three key phases: (1) AR-based social context synthesis, which fuses Multimodal inputs (visual, auditory and environmental cues); (2) role-based Multimodal RAG (Retrieval-Augmented Generation), which dynamically retrieves and integrates contextual data while preserving character differentiation; and (3) ReInteract social engineering agents, which execute adaptive multiphase attack strategies through inference interaction loops. To verify SEAR, we conducted an IRB-approved study with 60 participants in three experimental configurations (unassisted, AR+LLM, and full SEAR pipeline) compiling a new dataset of 180 annotated conversations in simulated social scenarios. Our results show that SEAR is highly effective at eliciting high-risk behaviors (e.g., 93.3% of participants susceptible to email phishing). The framework was particularly effective in building trust, with 85% of targets willing to accept an attacker's call after an interaction. Also, we identified notable limitations such as ``occasionally artificial'' due to perceived authenticity gaps. This work provides proof-of-concept for AR-LLM driven social engineering attacks and insights for developing defensive countermeasures against next-generation augmented reality threats.
title On the Feasibility of Using MultiModal LLMs to Execute AR Social Engineering Attacks
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2504.13209