Minimizing AR/VR Security And Privacy Risks

Augmented Reality (AR) and Virtual Reality (VR) applications help us attach images of digital objects to users’ perceptions of their surroundings or immerse users in a digital world to enhance their entertainment, gaming, learning, and other experiences. AR and VR collectively fall under an umbrella term called Extended Reality (XR). Even though Augmented Reality (AR) and Virtual Reality (VR) are closely connected, they are not the same.

Augmented Reality adds digital elements such as observable, audible, or sensible to the real world view to augment the real world. Whereas Virtual Reality creates its digital world and needs some devices, such as a headset or specs, to experience it.

AR Security and Privacy Issues

  • Among all issues the biggest concern is privacy. AR application usually collects more information than social media networks and other technologies such as who the user is and what the user is doing. It raises many privacy concerns and questions related to hacking, usage, and security of user information, data storage, etc.
  • Spoofing, sniffing, and data manipulation are commonly occurring cyber attacks on AR content. It makes the content unreliable even if it comes from an authentic source. Reliable content generation and transmission techniques for AR technology are still evolving
  • Social engineering attackers can effectively use AR as a tool to deceive users
  • Hackers can inject malware into AR applications via ads
  • Attackers can pirate network credentials of wearable devices and drain user accounts quietly by using users’ recorded card details and mobile payment solutions in their profiles
  • Denial of Service attacks can cause serious consequences for professionals using AR technology in critical situations
  • Man in the middle attack can occur during communications between AR browser and AR provider, AR channel owners, and third-party servers
  • Hackers can record a user’s behavior and interactions in an AR environment and threaten the user to release it publicly unless the user pays a ransom
  • Physical damage or getting stolen from a wearable AR device is another security threat

VR Risks and Security Concerns

  • Even though VR is restricted to a closed environment and doesn’t interact with the real world, VR headsets cover the user’s entire vision and could be dangerous if hackers take over the device
  • Privacy is a major concern. VR collects biometric data such as iris or retina scans, fingerprints and handprints, face geometry, and voiceprints
    • Attackers can capture finger tracking data and steal sensitive information like passwords
    • Similarly, eye tracking could reveal valuable data to attackers
  • Ransomware attackers embed malicious features into VR platforms to mislead users and collect their personal information
  • If an attacker gets access to a user’s motion-tracking data from a VR headset, a digital replica (deepfakes) can be created out of it. This undermines security and it can be used for social engineering attacks
  • It can hurt health such as feeling dizzy, nauseous, or spatially unaware
  • No human connection

Points to Note While Using AR/VR Systems

  • Don’t disclose highly sensitive information such as setting up credit card details in the user account
  • Understand how companies are storing user data in AR and VR platforms by reading company privacy policies
  • Use a VPN service to protect user identity and data
  • Keep firmware of users’ VR headsets and AR wearables up to date
  • Use comprehensive anti-virus software to prevent online threats

Final Thoughts

Nowadays metaverse progresses at an accelerated pace that makes the expansion of AR/VR technologies inevitable. The pandemic played the role of a catalyst for creating a virtual world for people to interact with each other same as that of the physical world. Also, companies started leveraging AR/VR technologies for training their employees, cost reduction, and design efficiency. Even though AR/VR domains are comparatively new, they are flourishing and as they get matured their security and privacy concerns will be addressed.

Author Details

Sajin Somarajan

Sajin is a Solution Architect at Infosys Digital Experience. He architects microservices, UI/Mobile applications, and Enterprise cloud solutions. He helps deliver digital transformation programs for enterprises, by leveraging cloud services, designing cloud-native applications and providing leadership, strategy, and technical consultation.

Leave a Comment

Your email address will not be published.