Tech giants such as Google, Facebook, or Samsung are betting heavily on virtual reality. As such, this technology has all the hallmarks of something that may soon revolutionize our lives. It may also revolutionize a multitude of business sectors. Tourism (traveling without getting up from the couch), education (seeing history instead of learning the bare facts or visiting the inside of the human body for your anatomy lesson), entertainment (movies starring you), and much more.
However, it is still very much in the early stages of its development. We’re not hearing much about the cybersecurity risks that come along with it. We should be aware that virtual reality, as with any innovation, carries with it some new threats, as well as some old ones that can reinvent themselves in light of new technology.
Imagine you’re participating in a virtual reality contest that promises to give you the house of your dreams if you succeed in building it in 100 hours using Lego blocks. You toil away on your house to meet the requirements and in the end you succeed, at which point the organizers grant you the property of the living space that fascinates you so. However, there’s a cybercriminal on the prowl. He sneaks into the application’s servers and modifies the ownership of the property. Of course you’ve lost nothing physical, but you have lost valuable time. And the company behind the app has lost even more than that. At the very least, they’ve lost your trust, as well as that of the rest of their users.
As worried as we are about the massive credential data breaches that companies increasingly suffer during cyberattacks, in the virtual world things may get worse. Intruders will be able to get their hands not only on usernames and passwords, but also on the user’s physical identity (the hyperrealist avatar generated after scanning their own body).
With all of their biometrics data in your possession, it may end up being easy to steal an actual person. Companies that safeguard such information may therefore face greater risks than those found in the age of credential theft.
Attackers can figure out how to modify a given application’s code to manipulate (virtual) reality as they please. The number of scenarios is infinite. Accessing the virtual offices of a company that works remotely, modifying information to harm a business’s reputation, altering user experience… There’s a whole world of potential risks waiting to be discovered that will bring about new challenges for cybersecurity experts.
In much the same way that malware can affect computers and mobile devices, it can affect virtual reality headsets. Cybercriminals can attack these headsets with a diversity (and perversity) of intentions. Everything from a keylogger able to track user activity to a ransomware that blocks access to a specific virtual world until the user shells out a ransom may be implanted.