Download Metaverse or Metaworse? Cybersecurity Threats Against the Internet of Experiences
The Trouble with the Metaverse
Innovators are diving into a new and immersive virtual space, but with new technology comes new threats. We bring forward possible problematic issues that metaverse pioneers should be wary of.
What is the metaverse?
Right now, there is no definitive answer. There are plenty of differing opinions about what the metaverse is and how it fits into the bigger picture of the internet. But the metaverse is still in the early days of development, and many companies are creating new technologies to carve out their nook in this immersive virtual landscape.
For now, we can define the metaverse as a cloud distributed, multi-vendor, immersive-interactive operating environment that users can access through different categories of connected devices (both static and mobile). It uses Web 2.0 and Web 3.0 technologies to provide an interactive layer on top of the existing Internet. As proposed, it is an open platform for working and playing inside an extended reality environment, and it will also be a communications layer for smart city devices.
However, given the changing circumstances, we fully expect our definition to evolve as the metaverse concept evolves. Of course, this uncertainty makes securing the environment much more complicated.
It is difficult to identify cyberthreats for a space that doesn’t fully exist yet — and may not even be realized in the form that we envision. But, analyzing the nature of the technology and taking into account the current cybercriminal landscape, we were able to conceptualize several critical threats against and inside the metaverse. Our research paper fully outlines these threats, but we present a few use cases in the following sections.
Threats to specialists operating IIoT machinery virtually
Industrial equipment can be operated by specialist operators thousands of miles away because equipment is connected and accessible via custom metaverse space interfaces.
Cyber-physical threats : Man-in-the-middle attacks between industrial equipment and remote operators.
Traditional IT attacks : Vulnerability exploits can be used to gain access to industrial equipment, and because of the connected nature of the metaverse, lateral movement will be possible after initial entry.
VR/AR/MR/XR threats : Criminals can use a digital twin of an industrial facility to preplan physical attacks.
Threats to virtual art collectors and sellers
Since physical laws that govern the real world do not exist in the metaverse, artists will be able to create extraordinary art pieces. Buying, selling, and trading these pieces will be big business.
NFT threats : If NFT data files are encrypted in a ransomware attack, the owner can be blocked from accessing the asset.
Financial fraud : Fraudsters may facilitate the selling of counterfeit or stolen artwork in the metaverse.
VR/AR/MR/XR threats : Scammers could put up fake metaverse galleries displaying and selling counterfeit art.
Threats to gamers and buyers
Companies will develop bodysuits that will allow users to physically feel or control things inside the metaverse. These suits can be used in games or used as an extension for theme parks and other experience industries.
Cyber-physical threats : An attacker can hack the bodysuits and cause them to malfunction, endangering the user. For example, stroboscopic light effects inside the headset display could cause epilepsy or seizures.
VR/AR/MR/XR threats : Criminals can gain access to bodysuits and monitor the user’s actions.
Privacy concerns : The suits will have access to a wide range of biometric data that could be misused.
The darkverse is the deep web brought to the metaverse. It is a space for underground marketplaces, criminal communications, and illegal activities.
A darkverse space could be configured so that users can only access it if they are in a specific physical location and have valid authentication tokens. Criminals can meet and trade in these protected spaces, inaccessible to law enforcement agencies.
We can expect the metaverse to change and evolve, shifting course as more ideas are tried and tested. But what we know now is that more and more companies are investing in metaverse hardware and software — this is the time to make sure security is fully ingrained in the development and production of those technologies.
Metaverse technology continues to advance, but legitimate businesses will not be the only parties using these new spaces. Cybercriminals will migrate from dark web forums to concealed corners of the metaverse. Instead of meeting in underground forums, criminals will be able to virtually walk into metaverse dark web markets.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).