Blog: Cyber security & the Metaverse

The Metaverse, or the infinite digital landscape on to which the content of The New Realities is projected, will grow exponentially over the next few years.

From training, decision-making, and events, to holoportation, teleoperations, and new commerce opportunities, the Metaverse offers fresh possibilities for unforeseen threats to the security of the consumer, commercial, and corporate markets.

Expected to become a trillion dollar industry by 2035, with half of the 50,000 largest businesses worldwide to have piloted or already integrated The New Realities for enterprise application and customer use by 2020, individuals, broadcasters, and companies should all be aware of the potential risks emerging in the Metaverse.

As The New Realities offer the next level of digital interaction, our digital lives will increasingly shift from computers and mobile phones into the Metaverse.

”It is just a matter of time before virtual breaches become real world court cases”

At the moment, the true value of potential data and cyber breaches still lies within underlying legacy systems, but as the Metaverse becomes a new marketplace for both personal data and commerce, the risk of a breach becomes imminent.

Integrating contactless payments into software will increase risk of fraud. MasterCard has partnered with Wearability to create a virtual world where consumers can make purchases within a game or experience. The game ‘Priceless Golf’ integrates ecommerce capabilities, allowing you to golf with Tiger Woods and buy his clubs or the clothes he’s wearing on a whim.

In 2017, Worldpay developed a prototype that uses EMV (Europay, MasterCard, Visa) in VR. Similar to contactless payments, a shopper taps a virtual card across a virtual card machine for purchases under £30, and for amounts over £30 users enter their PIN number into a virtual keypad. Biometric security systems use fingerprint, iris, voice, and facial recognition to increase security, and as they become more prevalent in real world transactions they will raise standards for security in the Metaverse as well.

Due to the high costs associated with developing AR, VR and MR solutions, many bespoke systems are being created through open source platforms to keep costs down. The ability to obtain core software from open source platforms means that there is a risk of inadvertent exposure to third party coding that could allow sensitive information to be shared or distributed by accident or with malicious intent.

With recent cases of children being exposed to disturbing and traumatising versions of their favourite shows like Peppa Pig on YouTube, the same could happen in the Metaverse.

Researchers from the University of New Haven in Connecticut recently found that there’s nothing stopping an attacker from changing what you see in VR. In a controlled attack they were able to successfully alter the content in a VR experience, finding that VR has no protection on a compromised computed.

Tested on both the Oculus and HTC Vive, the attacks were done through OpenVR, a software development kit by Valve. Researchers had expected to find protections in place so that attackers weren’t lead directly to important data, but instead found that crucial elements of the software were not encrypted, leaving the front door wide open for attacks. Besides altering content, hackers were also able to move virtual boundaries that physically protect users from walking into walls or falling down stairs.

To protect against data breaches, fraud, and malicious malware, new security frameworks will be required.

Cyber security laws and protocols will need to be reconsidered and amended, and perhaps even invented, to include all the new risks of the Metaverse. While at the moment the Metaverse is still the virtual Wild West, it is just a matter of time before virtual breaches become real world court cases.