Cybersecurity and the metaverse: Identifying the weak spots

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!

As you scroll through your myriad social media platforms, jump online to read reviews of the new restaurant that just opened up down the street, or log on to your favorite virtual retailer to buy a birthday present for your mom, you might not feel like your online life is changing. Chances are, though, the digital status quo isn’t going to remain the status quo for very much longer.

Indeed, there are a lot of pretty profound indicators of a sea change to come. Zuckerberg recently rechristened Facebook as Meta. Microsoft is currently in the process of acquiring the gaming giant, Activision Blizzard, for nearly $70 billion. Even the iconic fashion house, Ralph Lauren, has launched a line of virtual apparel and accessories.

So what is it that’s creating such seismic shifts in the world of both tech and commerce, and why should you care?

It’s the metaverse, and it has the tech world buzzing. You’ve probably heard the term yourself, but you may not be clear on what it’s all about.

Understanding the metaverse

In a nutshell, the metaverse is a new, enhanced version of the internet that uses virtual reality and augmented reality (AR/VR) to provide a fully immersive experience of the online world. It is, in other words, a version of the web in which “you,” in the form of your online avatar, can work, play, get an education, shop and socialize with friends — and feel as if you’re actually there.

The metaverse is, in essence, an alternative to our physical world, but without many of its limitations, such as the constraints of geographic distance or the hindrances of real, living bodies.

Sounds pretty exciting, right? Well, yes. However, there’s a downside. Experts predict that the metaverse is going to amplify the cybersecurity challenges that already exist online today while introducing a host of new ones, both those that we can predict as well as those we cannot as of yet. 

Research shows, for example, that cybersecurity threats, as well as cybercrimes, are rapidly and dramatically increasing, rising by 50% or more, year over year. Recent predictions hold that the annual costs of cybercrime will exceed $10 trillion by the year 2025, and that the primary commercial targets are likely not to be finance or commerce. Rather, other key industries are being targeted for cybercrime, such as real estate, education and agriculture.

If and when the metaverse emerges to supplant Web2, experts caution that these trends will only worsen and that the ramifications of cybercrime may, like the metaverse itself, be an extreme enhancement of what currently exists.

Identity security

The metaverse is designed to function through the use of digital avatars that each user creates for themselves. Ostensibly, this avatar will be both unique and secure, which will allow the real human it represents to use their personally identifiable information (PII) and other sensitive information to make purchases, do work and even receive healthcare. 

In addition, through the avatar, the user can interact with others in the digital space, including working with colleagues in a virtual office. 

The concern, however, is that because the avatar is, fundamentally, the skeleton key to your private offline information, from your PII to your financial accounts, if a hacker gains access to your avatar, then they can open the door to your entire life. This holds the potential to take identity theft to an unprecedented level. 

Identity theft in the metaverse can also take another, and perhaps even more sinister, turn, however. If hackers gain control of your avatar, they may well engage in behaviors that can ruin your relationships and reputation, and may even put your offline safety at risk. 

A particularly alarming form of this kind of identity hijacking is the “deepfake,” in which bad actors represent themselves in the digital space as another person. Online deepfake videos have already been made of celebrities and ordinary citizens alike, using technology that is so sophisticated it is nearly impossible to differentiate between the deepfake and the real person.

NFT and bitcoin scams

The metaverse will function through its own forms of currency, including cryptocurrency like Bitcoin, as well as various types of nonfungible tokens (NFTs). While NFTs and cryptocurrencies can be accumulated, exchanged, spent or lost in the metaverse much as fiat currency is used in the physical world, the process begins with purchasing these digital currencies with traditional money.

Just as in the physical world, scammers and thieves will flock to anything of value, and the metaverse, despite the fact that it is still in its nascent stages, has already been the site of some pretty breathtaking scams. In fact, it’s estimated that more than $14 billion in cryptocurrency was lost to fraudsters in 2021 alone.

The notorious Hyperverse scam, for example, offered metaverse residents the chance to purchase tickets to a concert series in the metaverse using crypto to purchase NFT tickets. The event was highly publicized, not only within the metaverse but also in traditional and social media, and generated massive interest. There is, to date, no evidence that any of the heavily promoted events ever actually occurred. 

Significantly, because theft in the metaverse generally involves blockchain technology, it is almost impossible for law enforcement to track the culprit. This is due to the decentralized nature of blockchain, which erases all records of the chain of possession.

Biometrics and data hacks

Among the most disconcerting of the potential cybersecurity threats in the metaverse is the risk of biometric hacking. Because the metaverse functions through VR/AR, users will need to wear VR headsets and, potentially, other VR/AR technologies, such as haptic gloves.

These may be used in certain areas of the metaverse for biometric identification, such as through iris scanning. However, critics fear that hackers may gain access to these biometrics which could not only enable them to gain access to sensitive accounts, but may also provide access to private information about the end user’s physical functioning and medical status. 

This is a particular concern given the notorious history of nefarious data collection practices by entities such as Facebook. Critics argue, for example, that if platforms like Meta have access to voluminous biometric data on its end-users, then those data archives may be hacked or, worse, sold without the end user’s consent.

Physical safety

The immersive environment of the metaverse may also put end users’ physical safety in the offline world at risk as well. For example, if a hacker takes control of someone’s account, then they may be able to manipulate what their avatar sees, hears and does in the virtual space.

However, activity in the metaverse can also readily translate into activity in the physical world. The immersive experience of the metaverse means that users can easily become disoriented as their senses are no longer registering their actual physical environment. A hacker may manipulate the metaverse environment so that the user responds physically but with no awareness of their physical surroundings. This could even lead to life-threatening situations, as hackers could potentially manipulate end-users to unwittingly walk forward into traffic or off a flight of stairs.

This can be a particular concern for parents whose children are already gaming in the metaverse. Fortunately, it’s still possible to monitor gameplay in the metaverse, such as by ensuring that children project their game world onto the family television to better enable parents to keep watching.

The takeaway

The metaverse is truly a brave new world, one that holds tremendous promise and potential. The metaverse may well revolutionize the ways we work, learn, play and socialize. However, the cybersecurity threats of the metaverse are very real, and it is incumbent upon metaverse creators, governments, corporations and private citizens to understand and guard against these dangers.

Charlie Fletcher is a freelance writer covering tech and business.

Originally appeared on: TheSpuzz