Calls for a Quest 2 ‘jailbreak’—a means of freeing the device from Facebook account requirements and other software-based restrictions—cropped up within days of the headset’s release. Today, less than two weeks later, the first jailbreak for the headset has reportedly been verified.
XRSI—a non-profit promoting privacy and security in the XR space—today claimed it has verified a Quest 2 jailbreak method which achieves full control of the device and can skip the Facebook account requirement. Here’s the full statement from Kavya Pearlman, the founder of XRSI, via the group’s blog, Ready Hacker 1.
A researcher from the XR community has gained root access to Oculus Quest 2 and is able to bypass Facebook Login. XRSI’s own researchers have validated this jailbreak and are currently working to gather assurances to protect the individuals who discovered these methods of jailbreak. We have also learned there are other researchers out there, who have gained similar access and are unsure how to proceed without clear policies around the right to repair. If you are one of those researchers, we urge you to contact us and share the details in a secure manner. Contact XR Safety Initiative XRSI via firstname.lastname@example.org or Use Signal 510-990-4438
Days after the launch of Quest 2, Robert Long, a WebXR developer at Mozilla, offered up $5,000 of his own cash to anyone capable of freeing Quest 2 from Facebook services. Shortly afterwards, Oculus’ departed founder, Palmer Luckey, vowed to match Long’s bounty which gained support among a few other voices in the community.
Long said about today’s news that XRSI’s “legal and security expertise has been crucial in pushing this effort forward.” He had originally planned to crowdfund an even larger bounty for the jailbreak, but it seems jailbreakers have beat him too it. Still, he says he intends to make good on his offer and encourages the same of others who offered matching support.
“I’m still committed to paying out my bounty and I hope members of the community will as well when we get this figured out,” Long says.
XRSI, the organization that verified the Quest 2 jailbreak, has set out to “create standards, guidelines, and awareness for XR stakeholders.”
The group has put forth a framework that they say is a “free, globally accessible baseline rulebook built by bringing together a diverse set of experts from various backgrounds and domains, including privacy and cybersecurity, cloud computing, immersive technologies, artificial intelligence, legal, artists, product design, engineering, and many more.”
One of the many issues surrounding the jailbreak is invariably the ‘Right to Repair’—the ability to have full control over hardware and software you own—which is conventionally applied to smartphones and wearables such as smartwatches and fitness devices. XRSI wants to help extend the same to AR/VR headsets, which would including protecting the right of users to jailbreak devices like Quest 2.
Update (October 26th, 2020): A prior version of this article misattributed the statement of a Quest 2 jailbreak verification to Robert Long. This has been updated to reflect XRSI’s role in the announcement.