As we all know, Metaverse was announced to be launched by Mark Zuckerberg. This seems to be the next wave of computing which will also involve a deeper understanding of the user’s behavior and privacy details. This information will create new data collection types which will impact our lives. History tells us that data privacy may not be Zuckerberg’s first priority, so we should be careful about what data we expose when getting to experience this new wave.
Despite Facebook’s data leaks through the years, Zuckerberg announced that he’s prioritizing security and privacy as he attempts to build the virtual world (metaverse). The Cyber Threat Defense security team has analyzed the topic and managed to expose the possible risks people will be put at.
Data breaches are still existing even in the VR world
We already know users’ information like email addresses, device names, and download history was stolen in an incident back in 2018 from a pornography-based VR app.
We wonder how much security work goes into cheap IoT devices and regular mobile apps, and the same thing applies to VR & AR. At this point, we do not have so much information, but if Meta allows third-party applications somewhere down the line, we need to know what security measures are in place to protect user data.
If you would like to make sure that your application or service is secured, CTD can help you assess the security posture, contact us here.
How do we put our privacy in danger?
Let’s take a hypothetical example of possible privacy information exposure: reproducing your home inside the VR space, might sound cool and fun. There are plenty desktop games where you can do that, but you are the only person able to see it. In a metaverse environment, this might help strangers know your house map.
The difference here will be that in the metaverse friends will want to come to your digital place and experience that virtual reality everybody talks about. What if this place is not private and inaccessible to strangers? There are situations in video games where your home is public to any other player.
VR and AR allow the users to replicate their homebuilding in a more detailed manner. Scanning parts of your room or even your entire house and inserting the schema into the digital reality will be dangerous if this information will be leaked to any possible malicious actor.
There is even more room for the possibilities, like, why do we stop at the room or house when you can access the whole street via public map databases? Basically, you can replicate your day-to-day life and strangers might see that replica.
This data can be used for OSINT techniques to figure out where you live and how your life looks like. A criminal might keep an eye on your social media posts and wait for you to go on a holiday for a period of time. This might be your first burglary using virtual reality as a shortcut for the thief.
For now, Facebook data including the full names, locations, email addresses, and relationship status of over half a billion of its users was leaked online.
Is Metaverse about gaming or data?
For the moment we can only speculate, but it is no secret that Facebook has had several data leaks since its founding in 2004. The most high-profile was the Cambridge Analytica scandal of 2018 in which a rogue researcher improperly accessed user data and then sold it to a political consulting firm.
Marcus Carter, a senior lecturer in digital cultures at the University of Sydney recently said “Facebook’s VR push is about data, not gaming”.
More and more malicious techniques will develop in this totally new environment and we have to be aware that our privacy may be in danger. Know the risks and what mistakes you have to avoid in order to keep your private life, PRIVATE!