Follow us

Metaverse and security risks through VR and AR

Novel technologies bring with them unknown security dangers

Published: November 23, 2021 By Hamna Imran

A person wearing a VR headset

Image source – pexels.com

"Fantasy world is no longer imaginative."

With Facebook introducing Meta and Virtual Reality, a new wave of concerns and critiques has arisen.

Comments like "These technologies will never be able to avoid the risk radar, no matter how sophisticated or evolved they are!"

Although, Augmented Reality and Virtual Reality advancements are flooding the market at breakneck speed, reality is that the threat landscape is also quickly expanding to encompass new emerging technologies.

As the world waits to see how augmented and virtual reality will change how we play, study, train, travel, shop, and more, it's time to prepare ourselves for the worst-case scenario.

But how you can stay safe. Let's see.

AR and VR explained

Augmented reality (AR) uses a smartphone's camera to overlay digital components to a live scene. Snapchat glasses and the game Pokemon Go are two examples of augmented reality experiences.

Virtual reality (VR) means a completely immersive experience that isolates the user from the outside world. Users may be transported into various real-world and imagined situations, such as the center of a squawking penguin colony or the back of a dragon, using VR devices such as the HTC Vive, Oculus Rift, or Google Cardboard.

Real-world and digital items interact in a Mixed Reality (MR) experience, which includes features of both AR and VR.

Extended Reality (XR) is a catch-all word for any technologies that improve our senses, whether by delivering extra information about the real world or building completely unreal, simulated worlds for us to explore.

The worldwide market value for augmented reality technology is expected to rise from $4 billion in 2017 to $60 billion by 2023, with use cases already being created in:

  • Entertainment
  • Retail
  • Engineering
  • Manufacturing
  • Healthcare industries

Facebook as “Metaverse”

Mark Zuckerberg wants Facebook to change from a social media network to a "metaverse company in the next five years."

A metaverse is a virtual environment where people use virtual reality headsets to play games, work, and interact.

Facebook dives into the metaverse with its name change

Image source – adweek.com

An embodied internet where instead of just viewing content - you are in it.

Facebook CEO describes metaverse.

Zuckerberg is so committed to this journey that he renamed the firm "Meta."

Metaverse as the next chapter to Internet

It may be possible to watch information flash past your eyes as you walk around a city using augmented reality glasses, ranging from traffic and pollution updates to local history.

Proponents of the metaverse, on the other hand, anticipate a future where the notion may be further enlarged, allowing us to be transported to virtual locations that seem real, such as a nightclub or a hilltop.

Facebook has made significant investments in virtual reality, investing $2 billion (£1.46 billion) to acquire Oculus, which develops its VR products.

Zuckerberg argued that Facebook's metaverse would be "available across many computing platforms," such as VR, AR (augmented reality), PC, mobile devices, and gaming consoles.

Should we be concerned about privacy in the metaverse?

Perhaps the most data-extractive digital sensors we're going to invite into our homes in the coming decade are metaverse technologies like VR and AR.

Marcus Carter, a senior lecturer in digital cultures at the University of Sydney, expressed reservations about data privacy in Facebook's metaverse.

Indeed, Meta is currently gathering massive amounts of user data through its existing virtual reality products, including physical characteristics such as an estimate of a person's hand size, digital items and audio created in VR, and information about users from third-party VR developers.

Future metaverse goods, according to Zuckerberg, would be built "for safety, privacy, and inclusiveness" with the help of outside experts.

However, history indicates that data privacy may not be at the top of his priority list.

In 2018, the Federal Trade Commission fined Facebook $5 billion for customer data breaches and imposed stricter privacy controls on the social media giant.

As a result of these considerations, data privacy will continue to be a concern in the development of the metaverse.

Making mountains out of molehills with Meta?

This is entirely speculative, but it's simple to see how multiple unconnected facets of VR/AR may unwittingly aid criminals. It might be harmful if the necessary privacy tools aren't available, and if users aren't given cautions about why doing x or y in VR isn't safe.

Regardless of the path Meta takes, it is up to the individuals wearing the headsets and glasses to be comfortable with their choices and conscious of the privacy risks associated with VR and AR.

There's an entirely new digital world out there.

Meta claims that the metaverse will be constructed responsibly

All the claims regarding privacy issues of metaverse were denied by Facebook owner Meta who stated that the announcement had been planned for some time and that the metaverse will be constructed with accountability at its core.

We will cooperate with legislators, experts, and industry partners to bring this to reality. The metaverse will not be developed overnight by a single firm.

Andrew Bosworth, VP, Facebook Reality Labs and Nick Clegg, VP, global affairs claimed in a blog.

According to Meta, it will engage with the human rights and civil rights organisations from the beginning to guarantee that technologies are designed in a way that is inclusive and empowering.

Privacy concerns of Augmented Reality (AR)

While AR advancements are thrilling, they provide new means to obtain data and new opportunities to alter links between the human and digital worlds.

Some of the AR privacy concerns and questions are:

AR privacy concerns

Social engineering attacks

It is very simple to confirm one's identity in the real world, but the key problem in Metaverse is validating voice, facial features, and video recordings using avatars.

The Metaverse is primarily a virtual community of people that interact through AR and VR equipment. This brings up existing problems in a new light, such as tricking people into giving out their personal information through social engineering techniques, identity theft using biometric data, and so on.

Denial of service

Another possible assault we see here is the denial of service, in which people who rely on AR displays for their jobs are abruptly disconnected from the stream of data they're getting.

This scenario can occur in any application area. However, AR is particularly concerning since many professional employees may utilize the technology to complete jobs in crucial scenarios when a lack of knowledge might have devastating or fatal repercussions.

Untrustworthy information

Graphics and information are superimposed over the real environment in augmented reality. Gamers, retailers, architects, and professionals will make real-world decisions based on the information offered by AR applications.

Hackers might inflict harm if they breach an app and display bogus information and graphical elements on a victim's AR display or glasses.

Consider a doctor using an AR display to check on a patient's vital signs, only to be presented with incorrect information and miss a patient who needs quick treatment.

Theft of network credentials

Criminals may steal network credentials from Android-powered wearable gadgets. Hacking might be a cyber concern for retailers who utilize augmented reality and virtual reality shopping apps.

Many consumers' credit card information and mobile payment methods are already stored in their user profiles.

Because mobile payment is an easy process, hackers may obtain access to these and secretly deplete accounts.

Privacy concerns of Virtual Reality (VR)

Privacy is a key worry with VR, just as it is with AR. The very personal nature of the obtained data – i.e.,biometric data such as iris or retina scans, fingerprints and handprints, facial geometry, and voiceprints – is a fundamental VR privacy concern. Other examples include

VR privacy concerns

Ransomware

Attackers may potentially insert features into VR platforms with the intent of deceiving users into disclosing personal information. As with AR, this opens the door to ransomware assaults, in which hostile actors destroy systems before demanding a ransom.

Ransomware attack

Image source – venturebeat.com

Fake identities

Machine-learning algorithms enable the manipulation of sounds and films to the point where they appear authentic.

Suppose a hacker gains access to a VR headset's motion-tracking data. They can exploit it to generate a digital duplicate (also known as deepfakes), weakening VR security. They may then superimpose this on someone else's virtual reality experience to launch a social engineering attack.

Limiting connection to the outer world

Aside from cybersecurity concerns, one of the most serious risks of virtual reality is that it entirely cuts off a user's audio-visual connection to the outside world.

It is always critical to initially assess the physical safety and security of the user's environment. It is also true for augmented reality, as users must keep a strong awareness of their surroundings, especially in more immersive contexts.

Other issues with VR that opponents refer to as virtual reality drawbacks include:

VR drawback compared with AR

Because of its capacity to record huge volumes of data about individuals and how they behave and live, VR and AR technologies create significant privacy issues. Even a 20-minute VR gaming session may collect millions of data points, such as a person's room arrangement and the distinctive patterns of a gamer's actions.

Says Rep. Susan Delbene, D-wash, who wants federal laws on data privacy.

How to stay safe from AR and VR security threats?

There is currently no definite information on how safe it is to use augmented and virtual reality. One of the most effective security controls, defenses, and protections you can employ to prevent security and privacy issues is not exposing yourself too much online.

You can follow the tips given below to keep yourself safe from various security threats.

Examine privacy policies

Long data privacy regulations or terms and conditions are easy to overlook at times. However, it's important investigating how the corporations behind AR and VR platforms keep and use your data.

Are they, for example, sharing your information with third parties? What type of information do they share and collect?

Make sure you're utilizing the Internet in a secure manner

Using a VPN service is one approach to keep your online identity and data secure. If you need to reveal sensitive information, a VPN can help you avoid having that information compromised. To keep your identity and data confidential, advanced encryption and a changed IP address work together.

VPN keeps you secure

Image source – act4apps.org

Also, be careful what websites you end yourself on if you join any VR or AR online forums. It would help if you also used a proactive internet security solution to ensure that each link you open is safe and free of viruses.

Updating firmware is essential

It's critical to maintain the firmware on your VR headsets and AR devices up to date. Updates assist in fixing security problems as well as provide new features and improve current ones.

Avoid providing too personal or unnecessary information

Don't reveal any information that is too personal or that isn't required. Setting up an account with your email is one thing, but don't put up your credit card until you make a specific purchase.

Conclusion

It's undeniable that AR and VR provide a plethora of exciting possibilities for research and user experience. However, we must be exceedingly mindful of the potential harm they may do, as well as the privacy problems they may entail.

Policymakers should think about how current or new data protection legislation may give consumers meaningful rights and corporations clear duties regarding extended reality data.

The threats are more diverse than you might expect

Take precautions and stay safe!

Tags: 
Threats
Author
Hamna Imran
Cyber Security student and keen learner, writing articles for several other websites.

Leave a comment

click to select