A lot has been said about Augmented reality and Virtual reality (VR). Its impact on certain industries (tourism, healthcare, education) is limitless.
Yet it seems that few people have discussed the cybersecurity implications of such technology.
Let’s put aside topics often discussed such as:
- Physical security – when you loose balance and fall or walk into traffic due to the lack attention
- Medical risk of exposure to intense lighting from close distance
- Behavioral conduct and related security – online bulling and other targeted psychological arm
- Legal framework not being up to date to this upcoming revolution. Must we rely on corporation’s terms and condition or should we have text of laws? How would you punish law trespassing in a virtual environment?
With virtual reality the need to create an avatar will need to go further than a Facebook Profile. Some startups are working on the possibility to scan the entire body.
We can already foresee some of the issue related to this avatar creator business:
- Which company can we trust to generate our avatar? Must we create a certification to approve scanner and ensure the consistency of avatars?
- In an era of mega breaches, private and public organizations fail to protect information. Where should we store our virtual reality avatar.?
What is the consequences if someone steal your virtual reality avatar? We are not talking about a username and password of a twitter account but a full replica of your biometric self. A full copy of your physical self. The one thing you cannot change.
Hacking virtual environment
Virtual environment will increase the already booming e-commerce industry. But it will as well act as relay of growth for several industries:
- real estate
- online education
- online dating
This brings my attention to the risk of virtual environment alterations. A hacker could change the values of commodities in the VR to benefit him. How can we protect ourselves from virtual thefts?
Imagine the following scenarios:
As a part of a competition, you spend 200 hours building a “Lego” version of an Audi A5. You win the competition for the most realistic “Lego” built car in the virtual reality… Therefore you receive a virtual Audi A5 that you can use for your transportation within the game. One day someone alters the ownership of the vehicle and you don’t have access to it anymore. In a way, someone stole your car or 200 hours of your time.
Change the reality:
To increase accessibility, the tourism office of Paris decides to replicate some museum gallery. After the complete replication and modeled process, the museum start selling tickets. The day the first virtual tourist walks in, he discovers a hacker trashed all the paintings. Therefore, the museum needs to revert back to a previous version of the project modeling or refund tickets. What if the changes are hard to spots? Someone could change all the paintings description to include a fake date. Change the spelling of a Greek sculptor. How hard would it be to spot by curators or administrators of the virtual museum?
Even further, a hacker could access a location in the museum restricted to curators.
The same way applications are currently cracked to run outside their perimeters. Nothing guarantees that someone is not bending the virtual reality parameters.
Hack of the end user gears
While the mobile antivirus industry is still at its infancy, the risk of mobile virus is real. It’s hard for the regular user to understand the risk encounter with their mobile devices. What would it be the risk encounter with the virtual reality gears.
Could a virus run in the background and inject subliminal images in your video stream? A “key-logger” could record your interactions to create pattern to impersonate you better later. Ransom ware that would block you from logging into your virtual environment until the ransom was paid.
Is this the birth of a new territory for antivirus companies?
The scenarios question the future of cybersecurity of virtual reality.