Tue. Dec 6th, 2022

There will be new security threats and pitfalls to contend with as virtual and augmented reality platforms develop into the “metaverse,” according to its creators.

Last fall, Facebook rebranded itself as Meta and made a huge bet on bringing the technology to both consumers and businesses; other technology companies have followed suit; the concept of a 3D virtual environment where users can interact and socialise has existed for some time. There is a belief that as the metaverse grows, new threats will emerge that have not even been contemplated by most.

In an interview with SearchSecurity, XRSI CEO Kavya Pearlman said that many of the early risks developers and companies will face are the same ones that currently affect many websites and web applications.

“You can still exploit existing CVEs,” Pearlman noted.

It’ll all happen because “most of these things are running on the same protocol.”.” As a result, security holes like Log4Shell will continue to exist in metaverse platforms, according to Pearlman. The same security measures and countermeasures must be taken by both developers and administrators.

Virtual and augmented reality platforms in the metaverse, according to University of Phoenix faculty member Stephanie Benoit-Kurtz, will make corporate networks more vulnerable and allow an attacker to steal data from virtual meetings and presentations without being detected.

Metaverse META

At the Connect 2021 event last fall, Mark Zuckerberg demonstrated his metaverse avatar.

“From VR headsets to other types of devices that augment the experiences, the infrastructure required to support this new environment is exponentially more extensive than what exists today,” Benoit-Kurtz said. Because of this, “bad actors will look for ways to exploit every endpoint, whether it be for identity theft on the network or denial-of-service attacks,” according to the authors of this article.

You never know what could happen.

However, as the technology advances and develops, new issues are bound to arise. Attacks could, for example, cross over from the digital realm into the realm of actual physical harm.

Research by Pearlman and his colleagues at XRSI shows how a hacker could use a VR platform to reset the physical boundaries of hardware. Furniture or stairs could be used as an example of how a user could be put in harm’s way. Even more dangerous is the potential for users to be misdirected into a street or into a dangerous physical situation, such as being robbed or being kidnapped, by augmented reality.

Even worse, a fictitious attack could leave its victims feeling sick to their stomachs. “We know that motion sickness can occur in virtual reality,” Pearlman said. It’s possible for a user to get motion sick when they click on a link. Christopher Boyd, a senior threat researcher at Malwarebytes, believes that other attacks could be even more dangerous.

“Paid advertising was a major entry point for cyber criminals just a few years ago. The introduction of dynamic ad spaces into games is likely to lead to compromises and rogue ads, which is understandable “SearchSecurity spoke to Boyd about the issue. As with similar attacks on epilepsy foundations on social media and forums, malicious individuals could have replaced regular advertisements with strobing images designed to elicit epileptic seizures.”

Games of the mind

The worst-case scenario for the metaverse is the effect on the mental health of its users.

Developers of virtual environments will first and foremost have to deal with the issue of harassment. In virtual reality, sexual harassment and abuse is the primary current route to physical exploitation,” Boyd said. This is often aided by weak or absent safety settings. For a long time, this has been an issue in virtual environments and there are many ways to address it.

Immersion in virtual worlds for an extended period of time may also lead to other kinds of mental health problems. A condition known as “phantom timeline syndrome” occurs when the boundaries between the virtual and real worlds become blurred, according to Pearlman, a former head of security at Linden Lab.

Pearlman said, “You won’t be able to tell the difference between reality and VR.” “When you exit VR, you still feel like you’re in a virtual world.”

Children who grow up in the metaverse are especially at risk, she said. Pearlman fears that attackers could use misinformation to manipulate children and instil false beliefs in them as they spend a lot of time in virtual and augmented reality platforms.

Personal information can also be stolen. Children’s privacy would be jeopardised if metaverse platforms were able to collect images and other personal information about their users.

When talking about children, “the concept of privacy becomes even more concerning,” Benoit-Kurtz said. As a result, the current Children’s Online Privacy Protection Act (COPPA) is inadequate to deal with the future of this technology or the adequate safeguards to handle the exponential personal information these environments will collect.”

Methods of Preparation

According to Pearlman and Benoit-Kurtz, a number of policy changes will be required if companies are to safeguard their data and the privacy of their employees.

To ensure that their AR and VR platforms aren’t being abused by hackers or unethical managers who want to violate the privacy of their coworkers and subordinates, businesses will need to plan in advance.

“IT and HR are only a small part of the equation when it comes to an organization’s decision to implement this technology. Over the next five to ten years, this foray into the metaverse will have a significant impact on organisations “Instructed by Benoit-Kurtz.

It’s time to take a proactive stance rather than wait for the technology to come knocking at your door. Organizations should begin the conversation at the organisational level now.

By Adam

If you want to contribute kindly contact at [email protected] or [email protected] also you can buy guest posts from our other different sites and write post for us.

Leave a Reply

Your email address will not be published. Required fields are marked *