Virtual Reality (VR) and Augmented Reality (AR) have huge potential. As with any new innovation, it’s important to review the potential security risks. In his latest column for Help Net Security, our CTO, Corey Nachreiner, breaks down the current and future risks of AR/VR hacking.
Today, VR and AR technologies expose little in the way of new attack surfaces or information that can be easily monetized. While this reduces the current threat, this could change in the future as VR/AR improves and becomes more integrated into our everyday lives. Here’s an excerpt from Corey’s article explaining some future security risks if 3D-modeled virtual avatars become more common.
“However, imagine the social engineering possibilities if malicious actors got a hold of a person’s 3D model, and a history of all their movements in VR…While these fake videos haven’t been perfected yet, imagine how VR tracking data and accurate 3D models could change things. One of the unique identifiers of an individual is their unique movements and verbal or physical “ticks.” If compromised, these personal intricacies could allow hackers to socially engineer a person’s friends, or digitally impersonate a user.”
Other future VR/AR security risks include hackers changing people’s AR displays to lead them into dangerous situations, or analyzing fine motor data to steal PINs or passwords as users they enter them on virtual keyboards.