In the last couple of decades, businesses and the wider public have come to rely heavily on the internet. Now imagine a world where we are also immersed in it. Instead of seeing a face on our computer screen, we are transported into simulated 3D meeting rooms and sit across avatars of our colleagues. Rather than listening to your favorite musician belting top hits through video, we have front-row seats to their virtual concert from the comfort of our living room couch. Perhaps, you twist your ankle on a hiking expedition halfway around the world, so you ring your doctor at home who streams in and provides a thorough medical assessment. The new iteration of the internet – the metaverse – offers a wealth of new and exciting opportunities; it’s no wonder it has received so much hype of late.
Although presently an abstract idea dreamed up by the visionaries among us, the metaverse will be the continuum of different technologies such as the extended reality (XR) space as well as the decentralized nature of Web3 and blockchain technologies, converging. When the concept eventually comes to fruition, it will no doubt revolutionize the way we engage, interact and conduct business with one another. Yet, as we continue to make advances, we can expect to encounter a whole host of security as well as privacy risks and concerns along the way.
The Metaverse Risk Factor
It is important to remember that the metaverse will simply be an extension of the internet today, which as it stands, is riddled with vulnerabilities and privacy challenges. By building on these rocky foundations, we will likely see the same issues emerge, compounded with additional complexities. The same scams, fraud, credential thefts, misinformation and social engineering attempts we have grown all too familiar with, will crop up once again, though taken up a notch. In fact, this year, a number of individuals across the United States fell victim to a metaverse-related scam. Enticed by the prospect of owning a piece of the metaverse, through purchasing virtual ‘land’ on platforms such as The Sandbox and SuperWorld, these investors succumbed to a malicious phishing link disguised as portals to the virtual universe and lost their crypto investments. Just think about the damage that could be done when deep fake technologies are employed to impersonate trusted institutions and people. In addition to stealing financial and digital assets, threat actors could also indoctrinate users to adopt certain ideologies or steal their identities.Indeed, when utilizing immersive reality headsets, an abundance of information is collected on users including their emotional states, and biomarkers such as blood pressure, heart rate, body temperature, etc. These can be analyzed to determine users’ behaviors and decision-making processes, all of which can be leveraged by criminals but also used in a commercial setting for targeted ad campaigns. With so much data on consumers, one might even say that companies could have the power to manipulate people into buying their products and services. Having said that, existing regulations and legislation still have a way to go in ensuring there is suitable oversight. Of course, this itself will be a massive undertaking as the fluid and borderless nature of the metaverse would complicate disputes occurring across different jurisdictions.
Some suggest that the best means of overcoming this particular challenge is through practicing a Self-Sovereign Identity (SSI) approach whereby individuals are given full autonomy over their own data and the ability to choose what they share to prove their identity with third parties. Although an innovative suggestion, this places the burden of their digital asset and identity security squarely on the user’s shoulders with no one they can turn to when things go south.
Ensuring Safety in this New World
Finally, there is a threat to users’ psychological well-being as the immersive nature of the metaverse will certainly exacerbate the repercussions of online trolling, bullying and sexual/racial harassment, etc. The digital world can offer the benefit of anonymity, but the downside of this means there will be people who will take advantage of that or even feel emboldened to act maliciously.
As we embark on this intriguing and thrilling stage of the internet, let us not forget to address the safety threats that will surface alongside. It is important now more than ever that we put in the work to educate the public on the latest social engineering threats, equipping them with the know-how to combat these; that we design legislation that can accommodate the changing threat landscape; and that we build security into the metaverse and other technologies, by design.