An Oculus Quest 2 jailbreak that bypasses its Facebook login has reportedly been discovered.
Non-profit research company the XR (Extended Reality) Safety Initiative said it had confirmed root access on the recently-released Oculus Quest 2, which was first claimed on reddit just over a week ago.
In a post published on ReadyHackerOne.com, XRSI founder Kavya Pearlman said that following a researcher from the XR community bypassing Facebook login on the Oculus Quest 2, its own researchers validated the jailbreak.
XRSI demands the right to repair for XR devices, including virtual reality headsets, under Right to Repair legislation in the US. This is meant to let consumers repair and modify their own consumer electronics devices - despite manufacturer terms of service.
The Oculus Quest 2 is a controversial device because it requires a Facebook login to work. Earlier in October, some users reported their headsets were left unusable due to Facebook account merging problems. Last week, Facebook's augmented and virtual reality boss Andrew Bosworth responded to the account suspension issue by saying "people should continue to make sure their Facebook accounts are in good standing before they buy the headset". And over the weekend it emerged that deleting Facebook also deletes your Oculus purchases.
While there's keen interest in any potential Oculus Quest 2 jailbreak, Facebook itself will likely look to shut it down before it's made publicly available. Pearlman said XRSI was "currently working to gather assurances to protect the individuals who discovered these methods of jailbreak", with legal action already predicted by some.
WebXR developer Robert Long, who offered a $5000 reward for jailbreaking Oculus Quest 2, took to Twitter to say root access was "important to the community, regardless of whether or not you buy one".
"We have the right to repair our own hardware," Long said. "It is our right to restore access to this hardware when it is taken from us. We have the right to legally modify our own devices just as people already do with their phones.
"We need to be certain that our biometric data is being used correctly. We need to know how and when our voice and movement data is being used. Security researchers need root access to the headset to validate the manufacturers claims.
"Businesses are taking a huge risk by building for the emerging XR market. In response they are bullied into being bought or risk being cloned or thrown out of the store. We need alternative open content marketplaces.
"These principles should apply to every headset and app ecosystem. By taking a stand against Facebook, we are taking a stand for the entire XR ecosystem."