To keep up with a trend, it is necessary to start learning as soon as possible, which is why ESET analyzes different hypotheses about the possible security risks that can come from the hand of the Metaverse.
Despite the fact that large technology companies are already developing models, calculations are being made, and teams are working to make it a reality, the metaverse is still mostly an idea. The ESET research team focuses on security and for this they raise some points to which attention must be paid when this digital universe becomes a reality:
1. Access devices: This will definitely be the first point of attention, it is not yet known what devices will allow entry to the metaverse. If at first it will be accessed through traditional computers, if the entry will only be possible with certain gadgets such as glasses, gloves or joysticks and, above all, if specific configurations will be necessary for this connection to occur. Also if there will need to be a direct connection from hosts on the Internet to the device through specific firewall rules or if there will be a central server where clients will connect to it, regardless of the device used.
2. More than one virtual world: The Metaverse will be the world created by the Meta company, which also owns platforms such as Facebook, Instagram and WhatsApp, but there may be more than one virtual world. What kind of information will need to be provided for exiting one world and entering another? Will the user actively do it or will the platforms trade with each other? Will the security of the stored information be the same for all worlds or is it possible that one of them is more “vulnerable”?
3. Impersonation: On platforms where it is possible to customize an avatar, images that have nothing to do with the physical characteristics of the user are usually used. This ability to change appearance is also used by people with bad intentions to obtain information or even money from other people who are part of this world. This will surely also be present in the Metaverse with criminals trying to exploit social engineering, since, according to the presentation video of the project, it will allow various customizations.
4. Information exchanges and malware?: It is possible that different types of interactions are allowed within an immersive environment, so that in addition to the interaction of walking and talking with other people, it will be possible to send and receive files of different types, such as images, videos or documents; It may even be possible to transfer resources directly between people, and these are points that can cause problems for users if they are not managed correctly. If the interactions between people are completely free and each one can send what they want, how will it be validated if the file has malicious content? Will they be opened by the interface itself or will they need to be downloaded and handled separately? Currently,Malicious files represent a significant part of the digital threat scene and will certainly need to be considered in the Metaverse , as depending on how these interactions occur, parties may have access to each other’s information.
5. Stores, purchases and payment methods: Regardless of what type of currency circulates within the platform, one thing is practically certain, there will be the possibility of purchasing products within this world and this will give rise to fraud and scams. Objects that you can receive in the real world or maybe customizable items, NFTs and any other kind of trading possibilities, and these transactions need to be highly protected. It is essential to know where the payment information will be, if it will be stored on the device that will connect to the Metaverse or in the cloud, or in another place.Also if it will be necessary to make validations for each purchase or if this process is automated when using the function once. Another point to take into account is if you allow yourself to buy directly from a person, know what payment information this person will receive. Even if the quality of today’s payment methods is imported into this world, there will be plenty of attention points to worry about.
6. The management of personal information and the type of data: Today we already have registration data such as name, telephone number, identity document, address and several others that allow identification, as well as passwords and information on personal tastes that make up the most sensitive data set. It is assumed that immersion in the Metaverse will require virtual reality glasses, they will have even more sensors than a cell phone and will probably be able to read the user’s height, perhaps even their weight, heart rate, provide facial recognition with an advanced level of precision, and if you have cameras you will be able to monitor the environment and avoid possible collisions with objects in the physical world. The point to analyze is what happens if that information falls into the wrong hands.