Blog & Tools

Virtual, augmented reality technology bound to create new security risks

Virtual Reality, Augmented Reality, Mixed Reality

Without the use of virtual reality, some electronic games probably would be just, plain boring. VR technology uses equipment such as headsets to present realistic images in an imaginary environment.

VR is widely used in entertainment, including moviemaking, and is being used more in businesses such as architecture. Some architectural firms are using special headsets to give clients and construction partners a virtual tour of building designs before they’re built. The three-dimensional view of a computer-generated building changes as the user’s head turns to the left or right or looks up or down. They can also use a control stick to change the view, which can also be projected onto a screen for a group to see.

Augmented Reality

The next step in VR tours is likely to be augmented reality. The technology would allow architectural customers to see what a projected design would look like if, for example, furniture was added to an existing room or moved from one corner to another. It combines virtual reality with the real world to create a new image.

Remember the Pokémon Go craze of 2016? It used augmented reality features. Players tracked imaginary creatures in real-life settings.

The blending of real-world and virtual images is sometimes called mixed reality. No matter what you call the technology, it’s fascinating stuff, and it has enormous potential in fields such as education. The military and the aerospace industry already use VR technology in flight training. In the future, medical students, for example, could explore and practice live-saving procedures on lifelike images.

In addition to ethical issues, the use of VR and augmented reality technologies raise security concerns that need to be addressed in more depth as mixing realities becomes more popular. The push to get products to more people has begun.

Consider, for example, that Apple’s newest iPhones – the 8, 8 Plus and X – are being promoted as great devices for accessing and using augmented reality apps. People can use their smartphones to overlay digital graphics into images.

I asked some cybersecurity experts at SDN Communications in Sioux Falls if they worry about network threats related to the technology.

“There’s probably a time when it starts concerning us, but not yet,” said Mike Klein, a managed services data technician. “We’re interested in seeing how it develops as well as in the security implications that come with it.”

VR - Virtual Reality

VR devices haven’t been much of an industrywide concern yet, it seems, because use of the technology has been limited. Cyber criminals are always looking for fresh targets, though. So, at some point, as mixed reality catches on with more businesses and consumers, attacks designed to exploit the software driving augmented reality could surface and bring more urgency to the issue.

“Up to this point, there hasn’t been wide-scale discourse among IT professionals around potential VR security issues in businesses,” Peter Tsai, an IT analyst with Spiceworks in Texas wrote in a column published last December on “But with the wide array of unique data, privacy and health security risks associated with VR technology, we’ll eventually need to have the conversation to get security right.”

In the meantime, organizations can take some precautionary steps to improve VR security, said Tsai and Tripwire, a cybersecurity company in Oregon. For starters, check the track record of the company that made the VR equipment. Vendors should be strongly vetted to make sure that cybersecurity risks were considered and mitigated in development of the product

Businesses without an urgent need to buy VR and augmented reality equipment might want to wait a while to give manufacturers more time to perfect the technology.

Early adapters, meanwhile, should effectively incorporate the use of such devices into their overall cybersecurity strategy. Don’t let the devices become the weak links in an otherwise strongly protected network.