Written by: Khairul Haqeem, Journalist, AOPG.
Many people believe that VR and AR will fundamentally alter the way we experience our daily lives and the world around us. The early 1990s saw a nascent stage for these technologies, which have now advanced to the point where they are now worth billions. But nevertheless, as is the case with any innovative technology, they are not without their share of possible risks. Users’ privacy is of paramount importance when it comes to augmented and virtual reality due to the significant risk of data abuse. We will discuss the risks associated with adopting these cutting-edge technologies, such as eye-tracking, deep fake technology, and extortion, and provide recommendations for mitigating such risks.
The Virtual Reality Check
As the market for virtual, augmented, and mixed reality grows rapidly, concerns about privacy and security continue to be raised. While Virtual Reality (VR) and Augmented Reality (AR) have their differences, they share several security and privacy concerns.
VR’s main advantage is that it creates a closed environment that doesn’t involve interactions with the real physical world, limiting the scope of its vulnerabilities. However, it can be dangerous if hackers take over the device, manipulating content in ways that cause dizziness or nausea in the user. Privacy is also a major issue with VR, as highly personal data such as biometric data (e.g., iris and retina scans, fingerprints, handprints, face geometry, and voiceprints) is collected.
One significant challenge for AR is privacy. The technology collects a lot of information about what the user is doing, raising concerns about how AR companies use and secure the information they have gathered from users. Where do they store augmented reality data? Is the data encrypted? Do AR companies share user data with third parties? These questions are not only theoretical: If hackers gain access to a device, the potential loss of privacy is enormous.
AR browsers facilitate the augmentation process but the content is created and delivered by third-party vendors and applications, raising concerns about the content’s reliability. Sophisticated hackers could substitute a user’s AR for one of their own, misleading people or providing false information. Malware, stealing network credentials, denial of service attacks, man-in-the-middle attacks, and ransomware are all potential threats.
Jonathan Tan, Managing Director, Asia at Trellix, emphasises the importance of transparency and adaptability when it comes to protecting data privacy in a rapidly evolving threat and regulatory landscape. According to Tan, organisations need to involve and train people across all functions and be transparent with customers about how they utilise data. To this end, Trellix ensures that all employees undergo GDPR training and certification, including data classification training and endpoint data protection controls.
While data protection technology is an essential component of data privacy, Tan highlights that it is not a silver bullet solution. Companies must engage a data protection consultant to design, classify, and optimise for the business needs relevant to industry practices, and build data protection workflows to track alerts or incidents.
As companies increasingly rely on tools like Teams, Zoom, and other cloud applications for internal and external collaboration, Trellix prioritises enhancing the user experience while ensuring the effectiveness and transparency of data protection. The company has a user forum where different industry users can share and provide feedback to help improve user experience. Tan’s commentary underscores the need for ongoing education and collaboration to protect data privacy effectively.
Given the potential unreliability of content, augmented reality systems can be an effective tool for deceiving users as part of social engineering attacks. For example, hackers could distort users’ perception of reality through fake signs or displays to lead them into performing actions that benefit the hackers. It is also worth noting that AR hackers can embed malicious content into applications via advertising, further undermining AR security.
Don’t Get Virtually Burned: How to Stay Safe in the VR/AR World
It is challenging to forecast and prevent security-related threats to users due to the immersive nature of these technologies and their interplay as part of the larger metaverse. Everyone who wants to reap the benefits of augmented and virtual reality without putting their data in danger shares this worry.
According to Rohan Ramesh, Director of Product Marketing – Identity and Access Management at Entrust, the key issue lies in the multiple 3rd party entities collecting and managing our data, which gives singular organisations the power to abuse this data – both intentionally and unintentionally. While AR and VR devices have built-in security capabilities, more fundamental forms of security and identity protection are also needed to address these concerns.
One solution gaining importance is Decentralised Identities (DID). DIDs ensure that personal information cannot be accessed, used, or modified without the user’s permission, placing control back into the individual’s hands. This concept involves users storing their identity information in their digital wallet, rather than relying on a centralised provider to own, store, and manage their data.
As defined and explained by Gartner, in a decentralised identity system, users can share various aspects of their identity without handing over their entire digital identity credentials using the concept of verifiable credentials with zero knowledge proof. This way, individuals can reveal only parts of their identities without handing over total control of their data to third parties. For example, someone can prove their age without revealing their gender identity, reducing the risk of targeted advertising and potential misuse of personal data.
As our physical and digital lives continue to blur, it’s essential to move our digital infrastructure towards decentralisation. By giving users control over their own identities and what aspects of the information they share with vendors and service providers, the risk of data misuse, data breaches, and identity theft is minimised. Ultimately, this ensures that AR and VR remain a protected experience, and users can enjoy the benefits of these technologies without getting virtually burned.
Stop The Virtual Nightmare
It’s crucial that, as we enter a world of ever-more-immersive technology, we don’t lose sight of the significance of safeguarding our privacy and personal data. And still, it is challenging to predict and manage security threats to users due to the nature of AR and VR and their interconnection inside the metaverse. As a result, it will be necessary to employ both established and novel trust approaches to guarantee that using these technologies is always a secure endeavour.
DIDs, or Decentralised Identities, are an intriguing approach to the problem of data privacy in augmented and virtual reality. DIDs can aid in reducing the likelihood of data breaches and identity theft by putting the power of information management back in the hands of individuals and enabling them to communicate only the elements of their identity that they deem appropriate. There’s clearly a pressing need for decentralisation as the barriers between our digital and real lives continue to blur.
There’s no denying that augmented and virtual reality has huge potential to improve fields like entertainment, education, and communication. Nevertheless, it’s crucial to keep in mind that these innovations aren’t risk-free. If we all do our part to learn about the risks and take measures to safeguard our data, we can make sure that the future of augmented and virtual reality is a happy and secure one.
Therefore, let’s welcome the future of augmented and virtual reality with open arms but keep our eyes peeled and ears open, and take precautions if required. There will be no more terrifying encounters in the virtual world, only safe and interesting ones.
Archive
- October 2024(44)
- September 2024(94)
- August 2024(100)
- July 2024(99)
- June 2024(126)
- May 2024(155)
- April 2024(123)
- March 2024(112)
- February 2024(109)
- January 2024(95)
- December 2023(56)
- November 2023(86)
- October 2023(97)
- September 2023(89)
- August 2023(101)
- July 2023(104)
- June 2023(113)
- May 2023(103)
- April 2023(93)
- March 2023(129)
- February 2023(77)
- January 2023(91)
- December 2022(90)
- November 2022(125)
- October 2022(117)
- September 2022(137)
- August 2022(119)
- July 2022(99)
- June 2022(128)
- May 2022(112)
- April 2022(108)
- March 2022(121)
- February 2022(93)
- January 2022(110)
- December 2021(92)
- November 2021(107)
- October 2021(101)
- September 2021(81)
- August 2021(74)
- July 2021(78)
- June 2021(92)
- May 2021(67)
- April 2021(79)
- March 2021(79)
- February 2021(58)
- January 2021(55)
- December 2020(56)
- November 2020(59)
- October 2020(78)
- September 2020(72)
- August 2020(64)
- July 2020(71)
- June 2020(74)
- May 2020(50)
- April 2020(71)
- March 2020(71)
- February 2020(58)
- January 2020(62)
- December 2019(57)
- November 2019(64)
- October 2019(25)
- September 2019(24)
- August 2019(14)
- July 2019(23)
- June 2019(54)
- May 2019(82)
- April 2019(76)
- March 2019(71)
- February 2019(67)
- January 2019(75)
- December 2018(44)
- November 2018(47)
- October 2018(74)
- September 2018(54)
- August 2018(61)
- July 2018(72)
- June 2018(62)
- May 2018(62)
- April 2018(73)
- March 2018(76)
- February 2018(8)
- January 2018(7)
- December 2017(6)
- November 2017(8)
- October 2017(3)
- September 2017(4)
- August 2017(4)
- July 2017(2)
- June 2017(5)
- May 2017(6)
- April 2017(11)
- March 2017(8)
- February 2017(16)
- January 2017(10)
- December 2016(12)
- November 2016(20)
- October 2016(7)
- September 2016(102)
- August 2016(168)
- July 2016(141)
- June 2016(149)
- May 2016(117)
- April 2016(59)
- March 2016(85)
- February 2016(153)
- December 2015(150)