Securing the metaverse: 3 cyber concerns
By Andrew Newman
First appearing as a concept in Neal Stephenson’s 1992 sci-fi cult classic Snow Crash, the metaverse, a completely immersive virtual world, is becoming a reality.
There are endless amounts of opportunities and use cases—education, entertainment, working from home, gaming, socializing, training, and more—enabled by augmented and virtual reality. But with the good must come the bad, and it would be erroneous to suggest that certain aspects of this brave-new world aren’t cause for concern.
Here are three concerns that we, as developers, security professionals, founders, and consumers must address now, when the metaverse is still getting off the ground.
1. What our kids are seeing and using
This new world is naturally very enticing for young people, who are the most likely to be the first to start exploring it. In many ways, they’re already there. Kids and teens (and even adults) are already playing games like Minecraft, Roblox, and Fortnite, which offer alternative worlds created for and by the user. Thus far, these games are our largest hints at what the metaverse might become.
However, we know that young people don’t tend to be particularly careful on social media or in guarding their digital footprint. Odds are that this naivety will continue as they enter the metaverse. You can too easily connect with other random players, trustworthy or not, and the option to make purchases through these games also makes your wallet vulnerable to bad actors.
An additional concern, one less to do with cybersecurity and more with real life, is that we really don’t know how the metaverse will affect the younger generation’s view of the world and the choices they make. There’s a thin line between virtual reality and skewed reality, and whether the ideals of the metaverse will have a positive effect on the next generation remains an open question.
2. Identity theft
Avatars in the metaverse are likely to become users’ digital identities, but that means that users will inevitably be susceptible to identity theft. What happens when your avatar gets hacked?
Unfortunately, avatar scams have already been reported on platforms like Roblox. The hacker will try to convince a user that they need access to their avatar with the ultimate aim of stealing their digital identity.
Additionally, if you can enter someone else’s world through a virtual reality (VR) device, you can attack them using any private information they’ve left lying around. Earlier this year, RAV researchers published a report on VR headsets being used as a form of spyware. Just as we are protective of our physical assets, we need to make sure that people protect their digital assets and personal information within the metaverse.
3. Digital currency scams
There’s always the risk of financial loss through the theft of digital currencies. The existence of blockchain technology ought to have made crypto transaction security exceptionally well protected. Yet we’ve seen several high-profile crypto hacks in the past couple of years, including the Axie Infinity hack and the Wormhole token bridge attack.
The transfer of cryptocurrencies relies on a secure platform, managed by two-factor authentication. But with the advent of cybercrime tactics such as SIM-swapping and email phishing, which can bypass authentication, there’s no guarantee that these transactions can be fully protected. Cybercriminals may rely on social engineering to carry out their scams, which can succeed even if the blockchain technology itself is technically sound. We shouldn’t assume that our funds are not susceptible to theft simply because they are in the metaverse rather than in a traditional banking network.
Final thoughts
We still don’t know precisely how the metaverse will play out. It’s imperative that, as the metaverse develops, every effort is made to keep users safe and to ensure this rapidly evolving technology becomes a force for good.
It would behoove key players to lay out ground rules for safety and security while we are still in the early stages of the metaverse. If we concentrate on keeping users safe from the get-go, rather than waiting until problems crop up, we stand a much higher chance of the metaverse realizing its ideal of becoming an astonishing new world where people can converge, creative thought can flow, and new experiences can be had, rather than becoming yet another platform for cybercriminals to endanger ordinary users.
(18)