{"id":31417,"date":"2023-05-21T05:41:16","date_gmt":"2023-05-21T09:41:16","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&p=31417"},"modified":"2023-10-20T05:52:04","modified_gmt":"2023-10-20T09:52:04","slug":"ar-vr-cybersecurity","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/ar-vr-cybersecurity\/31417\/","title":{"rendered":"Does virtual and augmented reality mean augmented cybercrime too?"},"content":{"rendered":"

Not so long ago, augmented reality (AR) and virtual reality (VR) were the stuff of science fiction. Now they\u2019ve become more than just niche experimental technologies. They\u2019re rapidly entering the mainstream, particularly in the consumer world of interactive media. But it\u2019s not just things like video games that are being transformed by the rise of VR platforms \u2013 there are some promising business cases for AR and VR too. In fact, some experts estimate that they will become indispensable technologies in the business world by as early as 2025<\/a>.<\/p>\n

What is augmented and virtual reality?<\/h2>\n

Although augmented and virtual reality are closely related, they\u2019re not the same thing. AR \u2018augments\u2019 the real world around the user by adding digital elements to the real-world view. Perhaps the most familiar example is the mobile game Pok\u00e9mon Go, as well as less successful products like the infamous Google Glass<\/a>. VR, by contrast, provides a far more immersive experience, since it relies on shutting out the physical world entirely. Popular VR devices include gaming platforms like HTC Vive<\/a> and Oculus Rift<\/a>, as well as lower-tech and more affordable experiences like those offered by Google Cardboard<\/a>. Another term you\u2019ll encounter is mixed reality (MR), which refers to experiences that combine elements of both VR and AR. One of the best-known examples is Microsoft HoloLens<\/a>, an MR platform designed specifically for business applications.<\/p>\n

What are the business applications of augmented and virtual reality?<\/h2>\n

Rapid prototyping<\/h3>\n

One of the most promising applications is product prototyping, a process which involves creating a complete digital model of a product (or, a so-called digital twin<\/a>) and merging it with a VR experience. This allows for extensive testing and ideation without the high costs of developing multiple physical prototypes.<\/p>\n

Employee training<\/h3>\n

Another popular business application, and one that\u2019s already entering mainstream use, is employee training. By applying VR or AR to training programs, it\u2019s possible to build a safe and highly interactive simulated environment with real-time feedback. Similarly, AR and VR can help improve workplace safety, especially in hazardous environments, be they workshop floors or nuclear reactors. AR can also help workers assemble, operate and maintain complex machines by providing real-time information overlaid onto their headsets.<\/p>\n

These are just a few of the exciting applications of augmented and virtual reality. And, though they might still sound like science fiction to the layperson, they\u2019re actually not. Companies like Ford, Airbus and Sotheby\u2019s are already using them.<\/p>\n

The wearable camera problem<\/h2>\n

Augmented reality headsets depend on their abilities to understand the local environment, which means cameras are often essential components and they can pose a security risk. Ever since the first Google Glass prototype was released to much fanfare back in 2013 (only to fail miserably by 2015), there have been growing concerns around privacy and security. The launch of Google Glass even gave rise to the colorful term \u2018glasshole\u2019<\/a>, which refers to those people who behaved inappropriately while using the device (such as by spying on others and taking photos without their knowledge). But edgy names aside, this has serious implications in fields such as healthcare where organizations are subject to strict compliance regulations like HIPAA to protect patient privacy.<\/p>\n

A new frontier for social engineering<\/h2>\n

\"Person
\nAside from privacy concerns, AR and VR devices are connected like any other. They\u2019re part of a rapidly growing global network that\u2019s often dubbed the Internet of Things<\/a> (IoT). And, like any connected device, they handle the transmission and storage of data, which might be misappropriated by hackers. When it comes to the immersive experiences of AR and VR, this has especially worrying potential in corporate espionage and social engineering. When technology can reach the point of convincing the brain it\u2019s somewhere where it\u2019s not, the opportunities for taking advantage of human vulnerabilities are enormous.<\/p>\n

As with any technology, the weakest link is normally the users themselves, which makes AR and VR a unique target for exploiting people. For example, attackers might inject features into VR platforms designed to mislead users into giving away personal information. There are also new implications for ransomware, in which attackers could sabotage platforms and interrupt important meetings before asking for a ransom.<\/p>\n

VR and AR experiences are only going to get more immersive and more realistic. On the one hand, this might make them more engaging and widely used. On the other, it makes them more dangerous. Fake identities, or so-called \u2018deepfakes<\/a>\u2018 generated by machine-learning technologies, for example, allow for the manipulation of voices and videos to the extent they still look like genuine footage. If a hacker could access the motion-tracking data from a VR headset, they could potentially use it to create a digital replica. They could then superimpose this on someone else\u2019s VR experience, such as an immersive business conference, to carry out a social engineering attack. With people interacting more and more through avatars, this brings an entirely new dimension to the disturbing world of cybercrime.<\/p>\n

Data breach risks<\/h2>\n

Aside from potentially providing cybercriminals with new ways to manipulate their victims, VR and AR present all the classic cybersecurity risks too. As systems that transmit and store data, they\u2019re fair game for anyone wanting to get their hands on the most valuable commodity in the world<\/a>: personal data. They\u2019re also possible targets for denial of service attacks (DDos), which could have very serious implications for those depending on AR in critical situations such as surgical procedures or when operating dangerous machinery.<\/p>\n

Mitigating the risks isn\u2019t as hard as you think<\/h2>\n

To address the risks associated with AR and VR, it\u2019s best to start with the core principles of information security \u2013 the very same ones that should be governing the wider IT infrastructure across the organization. Although attacks against AR and VR systems manifest themselves in different ways, the technological and administrative measures used to safeguard them are similar to other forms of connected technology. They use the same protocols as any other connected device, so all the standard rules apply \u2013 include them in your risk assessments, keep firmware up to date and encrypt any sensitive data. And never take security for granted. Most AR and VR devices don\u2019t encrypt data by default, and they may integrate with third-party apps which themselves have dubious security.<\/p>\n

On top of all the standard measures, AR and VR present some unique challenges, particularly when it comes to physical security and safety. One of the biggest problems with VR specifically is that it completely blocks off a user\u2019s visual and auditory connection to the outside world. It\u2019s always important to evaluate the physical safety and security of the user\u2019s environment first. This also applies to AR, in which it\u2019s important for users to maintain a high degree of situational awareness, particularly in more immersive environments. And, it should go without saying, but don\u2019t run around in a busy workspace wearing a VR headset!<\/p>\n

Although identity and access management are central to any information security strategy and concern any device, this is an area that\u2019s often overlooked when it comes to the adoption of AR and VR systems. You might, for example, be able to identify other people you\u2019re working with by their avatars, but there\u2019s also the potential risk of the avatar being copied and used by an unauthorized party. Fortunately, used in the right way, AR and VR can potentially improve identity and access management with multifactor authentication (MFA) \u2013 for example using eye-tracking sensors to verify your identity before you can access the rest of the system.<\/p>\n

While the challenges are undeniable, so is the potential of adopting augmented and virtual reality into the workplace.<\/p>\n","protected":false},"excerpt":{"rendered":"

Virtual and augmented reality introduce intriguing new opportunities for innovation across many industry sectors, but what are the security risks and how can we overcome them?<\/p>\n","protected":false},"author":2703,"featured_media":49375,"template":"","coauthors":[4311],"class_list":{"0":"post-31417","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-cybersecurity","7":"emagazine-category-emerging-tech","8":"emagazine-category-internet-of-things","9":"emagazine-tag-ar","10":"emagazine-tag-vr"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/ar-vr-cybersecurity\/31417\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/ar-vr-cybersecurity\/21894\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/31417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2703"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/49375"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=31417"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=31417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}