Researchers have exposed a potential security vulnerability in Meta's VR headsets, a new study says. The so-called "inception attack" allows an attacker to spy on and control a user's VR environment.