Potential Security Threats with Virtual Reality Technology

Aaron Walker
Aaron Walker  |  June 8, 2017

Virtual reality (VR) is one of the most interesting and entertaining technologies emerging today. So it’s no surprise Silicon Valley, both the location and the television show, have been making a huge deal out of it.

2016 was huge for AR/VR. I know devices like Microsoft’s Hololens can cost as much as $5,000 and Pokemon Go fizzled out after a few months, but venture capitalists haven’t been shy with their investments.

The huge expectations for the industry haven’t prompted much discussion about VR’s potential downsides. Like anything connected to the internet, there are clear security risks.

The topic has been brought up in a few spaces, but the scope of the threat really depends on adoption and emerging technologies.

Security Threats with Virtual Reality

Here are some of the possible downsides to VR endpoints becoming commonplace in the internet of things (IoT) software:

Identity

Identity theft can happen anywhere from a gas station ATM to an e-commerce marketplace. VR products will undoubtedly require basic information like phone numbers, birthdays and email addresses.

In-game marketplaces or a virtual mall would obviously require credit card information, and some applications may require connecting to social media accounts. Since scammers are everywhere, the threat ranges based on your vigilance as a consumer.

Privacy

Your data is never solely in the hands of the vendor. They know we don’t read those “War and Peace”-length terms of service documents, and there’s plenty of fine print indicating our data will be sold to third parties.

Facebook already owns Oculus, and the overlap between VR and social media will surely grow. At least, for now (we’ll touch on future-tech at the end), if Facebook wants to gather any of the data contained within your Oculus device, it probably already has it from your profile and activity on its website.

Even if you’re using a VR headset in the privacy of your own home, whatever you’re watching or doing can potentially be recorded and sold. But the same goes for our iPhones and laptops, so I guess that will likely just reinforce the status quo.

Monitoring

Now things get a little spookier. Like a VR product’s vendor, hackers could theoretically infiltrate your VR device and monitor your activity while you’re sitting comfortably on your couch.

They can do more than sell the information to a marketing company or a product vendor. People could track your location, broadcast your feed or hack your network and steal your credit information. Hackers could also edit your environment.

The government could be another culprit participating in the act of surveillance. Entities like the NSA and the FBI are constantly looking for a new means of information collection, and VR could easily be one of their next steps.

Botnets

Mirai, one of the most infamous botnets in the world, basically shut down the internet last year. Millions of endpoints were compromised, many of which were webcams. A manufacturer had to recall all of its hackable devices.

Many VR headsets have way more processing power than a smart toaster or an intelligent fridge, and they could provide devastating levels of requests. DDoS attacks are a threat regardless of VR’s impact, but they remain yet another potential contributor.

Mind Hacking

Imagine someone hacking your system and not only seeing your history and data but also your brain waves. Data can be collected from tons of different devices, but according to Teesside University lecturer, Joao Ferreira, VR provides a new source of information.

“Oculus’s privacy policy, for example, states that they automatically collect location information and information about physical movements and dimensions,” Ferreira told CBR. “It is reasonable to expect that future mainstream VR devices will also collect information on emitted brain waves and patterns." 

Privacy has basically been a myth since the onset of the digital era, and rumor has it the artificial intelligence software armageddon is approaching.

Final Thoughts

VR could be a harmless edition to the IoT, but that doesn’t mean you should be careless with your security measures.

Aaron Walker
Author

Aaron Walker

Aaron is a Senior Research Specialist who focuses on cybersecurity, information technology and software development. He began at G2 Crowd in 2016 after graduating from The University of Iowa. Aaron has written for The Daily Herald, Tribune Media, and The Daily Iowan, among other media outlets. In his free time, Aaron enjoys shooting film photography and fine-tuning his illustration skills.