Well, that’s the truth of the matter. Technologies come to be, and the threat landscape soon expands to engulf them. No matter how sophisticated and evolved these technologies are, they can never evade the risk radar. So as the world reels under the effect of how augmented and virtual reality stand to transform the way we play, learn, train, travel, shop and more, it’s time we also brace ourselves to face how it might all go wrong.
For better or for worse, we live in a world of technological marvels, ones that, to a large extent, decide the quality of life we lead. And although VR-AR doesn’t really steal the limelight, they certainly command attention. Especially when (as you’ll soon see why) they have the potential to disrupt lives and cause serious damage.
Imagine walking down the hallway to a conference room and reaching out for the doorknob only to have your fingers close in on thin air; or driving down a road and turning to take a slip lane only to crash hard onto something solid. Incredulous? These are both cases of augmented reality hacks, where attackers compromise AR screens to display non-existent content. No, it’s not really happening to us…at least, not yet. But how long before it ceases to be just a scene from a sci-fi movie?
AR/VR innovations are hitting the market at dizzying speeds. Digi-Capital, an advisory firm, reports that the AR-VR market will be worth $108 billion by 2021. And obviously, not all that money will go into entertainment and games. AR and VR devices/technologies are gradually finding their way into various domains, including education, healthcare and professional business set-ups. However, while these cutting-edge technologies certainly add a zing to our day-to-day lives, they also expose us to grave security threats. And though we don’t yet know how much harm they can cause, the subject does bear thinking.
Data-based Privacy Risks
Mobile devices have opened up new avenues for companies to collect data from; they’re no longer limited to browsing habits or UI interactions. Now, they can track users and even receive feeds from smartphone cameras. Wearables have given them access to a world of information (health records, voice samples) and IoT has brought in cutting-edge capabilities to sense the world better.
AR-VR headsets collect data on head and eye movements and how users react to various types of visual content. Setups that include hand props and/or gesture detection technologies can even record data on physical behavior. It’s no surprise that talks of creating VR social experiences are making the rounds.
These are insights companies never had access to before – something they would love to leverage and monetize. The challenge now will be to secure that data like any other personal data they collect – be transparent about how they plan to store, process and mine that kind of data, and if and how they plan to share such data with third parties. However, users must be wary of the services they opt for and how the data collected would be handled.
Big Data and AI are helping us do a world of good – improving the quality of education, fighting cancer, etc. But data in the wrong hands can definitely set off a few alarms – the way companies such as Amazon, Google and Facebook mining user data has become a grave privacy concern. These organizations are creating digital profiles of their users based on the data collected and leveraging those to make money – like creating apps, based on what you like, so you stay glued to your screen or make a purchase.
The data collected by means of AR-VR devices will only amplify this by providing them access to more precise information on how we interact with and/or consume content. Owing to the immersive experiences offered by AR/VR devices, they can also be used to influence users (like political sentiments, buying decisions), especially when companies can segregate and target their audience at a granular level. As a matter of fact, AR/VR can help organizations create and place ads based on which colors users are drawn to and which locations they are more prone to pay attention to.
Right now, it’s mostly speculation, just like the scenarios mentioned earlier. But we do know a few things. AR is about overlaying information and graphics over our vision of the real world. And users use this data to make decisions. What if the app feeding this information is compromised? Miscreants can leverage AR screens to deceive people and lead them into making mistakes. Imagine a care provider looking up patient information on an AR display being presented with wrong information; or worse still, a surgeon losing real-time feed while operating.
It’s a little different for VR as most of it is confined to closed environments. The risks here may be slightly less critical. However, since a headset covers the user’s entire vision, a hacker taking over the device may cause serious harm (manipulating the content to cause dizziness).
Thus, it’s imperative that businesses give as much importance to security measures as they do to their offerings hitting the shelf. It’s their obligation to fix easily exploitable vulnerabilities before the products are even shipped. As for those using such devices for business purposes, they must find a way to ensure they do not jeopardize the safety or privacy of their employees.