Monday, January 30

What security risks can the Metaverse hide?

ESET, a computer security company, analyzes the Metaverse and the points to which attention should be paid in terms of security and information protection.

To keep up with a trend, it is necessary to start learning as soon as possible, which is why ESET, a leading company in proactive threat detection, analyzes different hypotheses about the possible security risks that may come from the Metaverse.

“If you consider that many of the cyber threats present in today’s reality continue to constantly challenge companies and users and claim new victims, it is difficult to imagine that they will not be replicated in this virtual world. In addition, the technology industry has many examples of how business pressures to go to market as soon as possible often result in security oversights”, comments Daniel Cunha Barbosa, Researcher at ESET Latin America.

Despite the fact that large technology companies are already developing models, calculations are being made, and teams are working to make it a reality, the metaverse is still mostly an idea. The ESET research team focuses on security and to do so they raise some points to which attention will have to be paid when this digital universe becomes a reality. Next, from ESET they share hypotheses based on the current reality and on the historical background linked to computer threats and the emergence of new technologies, in order to educate and raise awareness about what can happen during the possible use of immersive reality as raises Metaverse:

  • Access devices: This will definitely be the first point of attention, it is not yet known what devices will allow entry to the metaverse. If at first it will be accessed through traditional computers, if the entry will only be possible with certain gadgets such as glasses, gloves or joysticks and, above all, if specific configurations will be necessary for this connection to occur. Also if there will need to be a direct connection from hosts on the Internet to the device through specific firewall rules or if there will be a central server where clients will connect to it, regardless of the device used.
  • More than one virtual world: The Metaverse will be the world created by the Meta company, which also owns platforms such as Facebook, Instagram and WhatsApp, but there may be more than one virtual world. What kind of information will need to be provided for exiting one world and entering another? Will the user actively do it or will the platforms trade with each other? Will the security of the stored information be the same for all worlds or is it possible that one of them is more “vulnerable”?
  • Impersonation: On platforms where it is possible to customize an avatar, images that have nothing to do with the physical characteristics of the user are usually used. This ability to change appearance is also used by people with bad intentions to obtain information or even money from other people who are part of this world. This will surely also be present in the Metaverse with criminals trying to exploit social engineering, since, according to the presentation video of the project, it will allow various customizations.
  • Information exchanges and malware?: It is possible that different types of interactions are allowed within an immersive environment, so that in addition to the interaction of walking and talking with other people, it will be possible to send and receive files of different types, such as images , videos or documents; It may even be possible to transfer resources directly between people, and these are points that can cause problems for users if they are not managed correctly. If the interactions between people are totally free and each one can send what they want, how will it be validated if the file has malicious content? Will they be opened by the interface itself or will they need to be downloaded and handled separately? Malicious files represent a significant part of the digital threat scene today and will certainly need to be considered in the Metaverse, as depending on how these interactions occur, parties may have access to each other’s information.
  • Stores, purchases and payment methods: Regardless of what type of currency circulates within the platform, one thing is practically certain, there will be the possibility of acquiring products within this world and this will give rise to fraud and scams. Objects that you can receive in the real world or maybe customizable items, NFTs and any other kind of trading possibilities, and these transactions need to be highly protected. It is essential to know where the payment information will be, if it will be stored on the device that will connect to the Metaverse or in the cloud, or in another place. Also if it will be necessary to make validations for each purchase or if this process is automated when using the function once. Another point to take into account is if you allow yourself to buy directly from a person, know what payment information this person will receive. Even if the quality of today’s payment methods is imported into this world, there will be plenty of attention points to worry about.
  • The management of personal information and the type of data: Today there is already registration data such as name, telephone number, identity document, address and several others that allow identification, as well as passwords and information on personal tastes that make up the group of more sensitive data. It is assumed that immersion in the Metaverse will require virtual reality glasses, they will have even more sensors than a cell phone and will probably be able to read the user’s height, perhaps even their weight, heart rate, provide facial recognition with an advanced level of precision, and if you have cameras you will be able to monitor the environment and avoid possible collisions with objects in the physical world. The point to analyze is what happens if that information falls into the wrong hands.
Also Read  The US tested a hypersonic missile in March, after Russia's attack on Ukraine

“There is a lot of potential in everything that encompasses the Metaverse and any other universe that may arise, but historically speaking, innovations are not always developed with security in mind and technologies tend to go to market as soon as possible because the priorities are different. We hope that in this case the Metaverse is designed and developed taking into account the security of the environment as a whole, both for users, information, transactions and its structure in general. At ESET we are committed to education and awareness as the first measure to navigate safely on the Internet, so even without having clear information on what this digital universe will be like, it is possible to take into account that criminals will also be part of it and, as always, , it will be everyone’s responsibility to ensure the protection of assets and data and to be attentive to possible scams that may arise in this environment”, concludes Daniel Cunha Barbosa, Researcher at ESET Latin America.

Illustration: ESET

Leave a Reply

Your email address will not be published. Required fields are marked *