Brave new (virtual) world? cyber security considerations in the Metaverse
When the likes of Meta and Microsoft spend billions to kick-start what they see as the next big tech gold rush, it’s worth taking notice. We are, of course, talking about the Metaverse, a prospect so compelling that it prompted Facebook’s corporate rebrand alongside an investment in the region of $10 billion per year.
According to their launch content, the money is going towards the creation of a "hybrid of today’s online social experiences, sometimes expanded into three dimensions or projected into the physical world. It will let you share immersive experiences with other people even when you can’t be together."
For Microsoft, their proposed $69 billion acquisition of gaming giant Activision Blizzard is widely viewed as a strategic Metaverse investment. Snapping up the Call of Duty publisher, however, is perhaps just the beginning of their efforts, or as Bloomberg puts it, a "down payment on the Metaverse” as the tech giants in general gear up for a “land grab" in this emerging and potentially transformative ecosystem.
For those who haven’t yet looked any deeper into the topic, what does the Metaverse represent in practical terms? A good starting point is to reimagine the internet, but delivered as a compelling virtual reality experience. By integrating both proven and new technologies, the Metaverse vision is that our real world and digital lives become more deeply integrated than ever before.
Anyone familiar with massive, open world online gaming experiences will have a sense about where things might be heading. From World of Warcraft to Eve Online, these enormous digital environments give players huge freedom to create their own experiences and, in effect, 'live' online. Metaverse proponents say we’ll get all this and much more.
These headline-grabbing possibilities represent just the tip of the Metaverse iceberg. For those organizations looking at it from their own perspective, however, any decisions about where and how to participate should be considered against one key area of concern -- the cybersecurity risks.
Is the Metaverse secure?
Unfortunately, when new digital technologies are brought to market, cybersecurity isn’t always considered early enough in the development process. As a result, it can be viewed as something of a bolt-on, increasing the opportunity for cybercriminals to identify exploits or vulnerabilities. In the case of the Metaverse, the potential risks include:
- Scams. If the Metaverse delivers anything like the type of connected digital experiences many people expect, it is likely to become a hunting ground for a diverse range of financial scams. Any organization developing applications or solutions for the Metaverse will need to minimize the risks for their users.
- Regulations. Authorities the world over are already showing an increasing interest in the Metaverse and to what extent it will require regulating. Given its global infrastructure, establishing jurisdictions and management will be challenging and users who fall foul of crime in the metaverse risk falling through the cracks if properly enforceable regulations are not available.
- Privacy and impersonation. As the Metaverse grows in complexity, it’s likely that online personas will become more detailed, making them attractive to cybercriminals already well-versed in identity theft. If, as predicted, the Metaverse results in more crossover between real-world and digital ecosystems, the potential for even more damaging privacy breaches than we have seen so far will grow.
- Fraud. Looking at the various applications and products already available in the Metaverse space, non-fungible tokens (NFTs) have seen both major levels of investment and alarming instances of fraud. From a security perspective, they should be treated with caution, especially given the difficulties in retrieving funds stolen as a result of NFT 'rug pulls'.
- New exploits. The fast pace of development and integration of new and existing technologies across the Metaverse is certain to give rise to unforeseeable cyber security gaps. Indeed, the checkered security track of some of our biggest online platforms offers some important lessons for the Metaverse in the years ahead.
- Child protection. In common with other online technologies, the metaverse presents risks when it comes to controlling how children access content. Organizations developing for the Metaverse must keep protection and privacy at the forefront of their design, management and monitoring processes.
Given the significant levels of investment being made by tech companies and other significant brands in the Metaverse, it has the potential to build enormous momentum. But, as skeptics point out, there is a long way to go before hype turns into reality and we move from unproven, even experimental, applications to something more compelling to the mass market. Whatever the outcome, the security risks should remain a concern for every stakeholder.
Image credit: wacomka/depositphotos.com
Andy Swift is Technical Director for Offensive Security at Six Degrees.