What Are Augmented Reality (AR) And Virtual Reality (VR)?
Augmented Reality (AR) and Virtual Reality (VR) are close together, but they are different. In augmented reality, an accurate picture of the world is expanded or “enriched” with digital elements – visually, auditory or sensory. In recent years, one of the best-known examples of AR was the popular Pokemon Go game.
In contrast, virtual reality does not build on the existing world but creates its cyber environment. Virtual reality is usually experienced via an interface, i. H. a headset or glasses, instead of the following content on the screen.
Mixed Reality (MR) is similar to AR but goes one step further by projecting digital 3D content that creates a sense of space and can be changed. In MR, users can interact and play with physical and virtual objects and environments – e.g., B. with a virtual ball that ricochets off an actual table or wall.
VR, AR, and MR are summarized under the collective term Extended Reality (XR). The global market for XR hardware, software, and services grows every year. But it is precisely the rapid rise of these technologies that raise the question among some consumers of how things are with security and privacy.
Augmented Reality Issues Related To Security And Privacy
Concerns About AR
One of the greatest dangers of augmented reality concerns the protection of privacy. The user’s privacy is at risk because the AR technologies can see what they are doing. AR collects a lot of information about who the user is and what he is doing – and to a much greater extent than social media or other formats, for example. This raises concerns and questions:
- If hackers gain access to a device, the potential loss of privacy is significant.
- What do AR companies do with the collected user information, and how do they protect it?
- Where do companies store this AR data: locally on the device or in the cloud? And if the information is stored in the cloud: is it encrypted there?
- Do AR companies pass this data on to third parties? If so, how are they used there?
AR browsers make augmented reality displays possible, but the content comes from third-party providers and applications. Since AR is relatively new, the question arises of how reliable it is. Because the mechanisms of generating and transmitting authenticated content are still in their infancy, clever hackers can replace a user’s AR with their own, misleading people or providing incorrect information.
In cyberspace, there are already opportunities to twist content from authentic sources, for example, through spoofing, sniffing, and data manipulation.
Deceptively accurate augmented reality content could lead users to black ice and become victims of social engineering attacks. For example, hackers could use fake logos or advertisements to simulate a different environment and induce them to take actions that would benefit the attacker.
AR hackers can hide harmful content in advertisements. The unsuspecting user then clicks on advertisements that lead them to hacked websites or AR servers that are infected with malware and contain unreliable visual representations, thus undermining AR security.
Theft Of Network Credentials
Criminals can steal network access data from wearables with Android as the operating system. Hacking could pose a cyber threat to online retailers using AR and VR-enriched shopping apps. Many customers have already saved their card data and mobile payment solutions in their user profiles. Hackers who gain access to it could use this convenient form of mobile payment to empty the accounts in peace.
Denial Of Service
Another possible form of attack on AR security is a denial of service. For example, users who use AR for their work could suddenly be cut off from the flow of information they rely on. This could have fatal consequences, especially for employees who use this technology to assist critical situations. For example, for the surgeon who works with AR glasses and suddenly no longer has access to vital real-time information, or for the driver who can no longer see the road without warning because his AR windshield has turned into a black screen.
Network attackers can eavesdrop on AR browsers and providers, channel owners, and third-party servers. Man-in-the-middle attacks are then easily possible.
Hackers can gain access to a user’s AR device and record their behavior and interactions in the AR environment. They can later threaten to publish these records and demand a ransom. This could get very uncomfortable for people who don’t want their gaming and other AR interactions to be made public.
One of the most significant vulnerabilities for AR security is the possibility of causing physical damage to AR devices. Some wearables are more resilient than others, but every device is physically vulnerable. An essential aspect is keeping them functional and secure – for example, by not letting anyone run away with a headset that is easily lost or stolen.
Virtual Reality Hazards And Security Issues
VR security risks are slightly different from AR since VR takes place in closed environments and there is no interaction with the real physical world. Nonetheless, VR headsets block the user’s view, which can be dangerous if hackers take over the device. For example, you could modify content in a way that makes the user dizzy or nauseous.
Concerns about VR
As with AR, privacy is a big issue with VR. The recorded biometric data, such as iris or retina scans, finger and handprints, facial geometry, and voice profiles, appear to be particularly problematic. Here are a few examples:
- Finger tracking: In the virtual world, a user can use hand gestures in the same way as in the real world – for example, to enter a code on a virtual keyboard. This means, however, that the system notes the entries made by the fingers on the keyboard and passes them on if, for example, a PIN is entered. If an attacker succeeds in obtaining this data, he can understand the user’s PIN.
- Eye-tracking: Some VR and AR headsets track the user’s eye movements. This data could be of added value to harmful actors. Knowing precisely what a user is looking at could provide an attacker with valuable information that he can capture to reproduce the user actions afterward.
It is almost impossible to anonymize VR and AR tracking data because every person has a unique movement pattern. Using behavioral and biological information from VR headsets, researchers have been able to identify users very precisely – which is a real problem when VR systems are hacked.
Like zip codes, IP addresses, and language profiles, VR and AR tracking data should be viewed as potentially personal data. Finally, third parties can use this information, either separately or in combination with other personal or identifying data, to assign an identity to a person or trace their actions. Therefore, the protection of privacy in VR is a great good.
Attackers could try to infiltrate functions into VR platforms that induce users to divulge personal information. As with AR, this creates opportunities for ransomware attacks, in which malicious actors sabotage platforms and combine this with a ransom demand.
False Identities Or “Deep Fakes”
You can falsify voices and videos with adaptive systems and still make them look deceptively real. If a hacker succeeds in accessing the stored movement data in a VR headset, he could use it to create a digital image (also called deepfake ) and thus undermine VR security. He could then place this over the VR experience of another person as part of a social engineering attack.
Apart from cybersecurity, one of the greatest dangers of virtual reality is that the user can no longer hear or see anything and is thus wholly cut off from the outside world. Therefore, the physical safety of the user and the safety of those around him should always come first. This also applies to AR, where users must remain fully aware of their surroundings at all times, significantly the deeper they dive into the virtual environment.
Further critical points that are occasionally mentioned in connection with VR:
- Addictive potential
- Health effects such as dizziness, nausea, or loss of spatial awareness (after prolonged use of VR)
- Loss of human bonds
Examples Of AR And VR
The possible uses of augmented reality, virtual reality, and mixed reality are diverse and are constantly increasing. This includes:
- Gaming – from first-person shooters to strategy games and role-playing games. Probably the most famous AR game is Pokémon Go.
- Professional Sports – Training programs for amateur and professional athletes
- Virtual trips – virtual trips to zoos, safari parks, art museums, etc. without ever leaving your home
- Healthcare – Exercise opportunities for healthcare professionals, e.g., B. Simulations for surgical interventions
- Film and television – spectacular interludes for films and shows
But the technology is already being used in more severe areas. For example, the US Army uses digital worlds to prepare soldiers for missions better, while the police in China use the technology to identify suspects.
Oculus Privacy Concerns
Oculus is one of the most iconic VR headsets, and the company behind it is one of a handful of others who are driving VR game development on a grand scale. Facebook took over the company in 2014. In 2020, Facebook announced that it would only be possible to log into VR headsets using Facebook access data in the future. As a result, a heated debate about privacy protection at Oculus broke out.
Critics of the decision expressed concerns about how Facebook collects, stores, and uses data, the possibility of targeted advertising, and the compulsion to use a service that might otherwise not have been chosen. The announcement sparked a wave of online posts from users concerned about privacy and security at Oculus, suggesting that they will no longer use their Oculus headsets. The latter, however, is not seen by commentators as a significant obstacle to Oculus in the long term.
Tips: How To Play It Safe When Using VR And AR Systems
Do Not Disclose Personal Information
Do not reveal information that is too personal or not strictly necessary to provide. Setting up an account using your email is one thing, but credit card details are only required if you specifically want to purchase something.
Skipping lengthy privacy policies or terms and conditions is sometimes very easy. However, it is worth taking a closer look to determine how the operators of AR and VR platforms handle your data and how they store it. For example, will your data be passed on to third parties? What kind of data is collected and passed on?
Use A VPN
One way to protect your identity and privacy on the Internet is to use a VPN service. If you have to reveal sensitive information, a VPN can protect your data from misuse. Modern encryption and a changed IP address ensure that your identity and data remain private. VPN models will also have to keep pace with the further development of AR and VR.
Latest Software For The Firmware
You should always keep the firmware of your VR headsets and AR wearables up to date. In addition to new functions and improvements to the existing features.
Protection By Comprehensive Anti-Virus Software
The ideal way to increase security on the Internet is a proactive cybersecurity solution. For example, Kaspersky Total Security offers robust protection against various online threats such as viruses, malware, ransomware, spyware, phishing, and other emerging cyber security threats.