"The metaverse" is a term that has been used with great enthusiasm by some of the largest technology companies on the planet recently, but the term remains partially ill-defined.
If you ask Meta (née Fb), the Metaverse is going to be a series of interconnected virtual spaces where people gather to work, socialize and play. These cloud-based environments will be accessed through virtual reality headsets or will be projected onto the physical planet.
Microsoft, meanwhile, describes the metaverse as a "persistent digital planet that is connected to many aspects of the physical planet, including people, places, and things." The company claims that it sees the metaverse as "both a new medium and an application genre" that is new in exactly the same way that the Internet was in the XNUMXs.
If you are not wiser yet, you are not alone. The metaverse is still under construction; the technologies that compose it already exist, but the complete picture will not materialize in many years.
However, according to the threat intelligence unit of the networking company Cisco, the precise aspect of the metaverse would have to be a secondary consideration: the first priority would have to be to protect it.
“The term 'metaverse' implies that a revolution is coming in the way we use the Internet and also interact with each other. However, we have to be aware of the potential downsides,” said Martin Lee, EMER manager at Cisco Talos.
“We are dealing here with a new version of the Wild West; it is very exciting, but just as dangerous from a cyber security and data privacy perspective.
Move fast and (try not to) break things
Historically, the most successful technology companies have been those that have not wavered in their commitment to the 'go fast and break things' mantra, coined by Mark Zuckerberg himself.
The downside with this approach, Lee says, is that product-focused technologists often leave a minefield of cybersecurity and data privacy drawbacks in their wake, waiting to be exploited by cybercriminals.
“This has been a problem in software development for years; security is often an afterthought,” he told TechRadar Pro. “And every time there has been an evolution in the way we communicate, it has also brought out the dark side of human nature.”
“Criminals and scammers on this planet have repeatedly proven their ability to innovate. They have always and at all times been eager to adopt new platforms, which provide a new discussion forum for criminal business models, and there is no reason to believe that the metaverse is going to be any different.
According to Lee, the first step is educating frequent users about potential threats. An informed public is better equipped to recognize a fraud attempt and make decisions about exactly which facets of the metaverse to engage in.
Second, it states that it is essential to demand that security be incorporated into the equation from day one of development. Since most specialists think that the Metaverse will not materialize in the near future, there should be many clues in order for it to happen.
In practice, however, securing the metaverse by design can be quite difficult. Since this series of virtual environments is not very likely to be owned or governed by a single entity, and given the likelihood that cryptocurrency will play a role in the transactions between the components of the Metaverse, it will not be easy. attacks.
When presented with this conundrum, Lee agreed that it's not a problem that the company hasn't figured out how to solve it yet. The Internet was created three decades ago, she said, and it is still not trivial to determine who is in charge of observing a digital crime, as the Internet "in many ways transcends national borders."
“On the physical planet we have governments, law enforcement and courts where we can settle disputes,” he said. “So when these new metaverse environments are built from scratch, it's going to be essential to clarify who is monitoring them and what recourse users have if something goes wrong. "
Another vital part of securing the metaverse is going to be establishing a robust identity verification system. On a planet where the entire planet is represented by an avatar, identity theft could become even more common and dangerous.
"On the real planet, we have identities and consequences for our actions that affect our personal reputation, but that identity on the real planet is misaligned in a virtual environment," Lee told us.
“In the Metaverse, you won't know if people are who they say they are or if they are trustworthy. The question of who is who in these virtual worlds is still unresolved. "
In addition to spear phishing and financial fraud attacks, it's simple to imagine how identity-clarification hassles in the Metaverse could be used to catch cats or glimpse.
People are also expected to attach cryptocurrency wallets to their metaverse avatars, which Lee describes as a "gift for bad guys." And non-fungible tokens (NFTs) are also expected to play an essential role, perhaps in the form of digital clothing, which will create opportunities for more scams.
The public blockchain, the technology that sustains both cryptocurrencies and NFTs, is not maintained or operated by a single entity. This is useful for anyone who is concerned about the risks of centralized power and single points of failure, but not so useful when trying to address wrongdoing.
“If you participate in the exchange of value in one of these settings, what will you do when the other party does not follow through on their part of the deal? At what time do you deliver cryptocurrencies but do not receive anything in return? Lee asked.
"We've already seen evidence of digital asset counterfeiting and major cryptocurrency wallet thefts, and indeed we're looking at these types of scams in the metaverse as well."
As for how these drawbacks could be addressed, Lee reiterated the importance of educating users so they are better equipped to protect themselves. But end users have never been particularly good at defending their interests. To serve as an example, despite repeated warnings about the risks of unique and duplicate passwords, quite a few people continue to be guilty of horrible passcode hygiene.
Solutions like multi-factor authentication can go a long way toward protecting against phishing and fraud in the metaverse, Lee explains. Another alternative is to enforce biometric authentication, which would significantly reduce the risk of identity theft attacks. But that would require people to be willing to sacrifice convenience or their biometric data for security reasons.
Cost benefit analysis
For someone who spent the duration of our talk methodically exposing the risks associated with the Metaverse, Lee is surprisingly optimistic about the value it could bring.
When asked if he thinks companies that position themselves as architects of the metaverse (Meta, Microsoft, Google, etc.) can be trusted to build this new medium responsibly, Lee declined to comment. Mas expressed a level of enthusiasm for the possibilities that the Metaverse represents.
"Normally, I'm optimistic about the direction this is going," he told us. "These virtual worlds are going to be full of opportunities and have the potential to have a huge positive impact on our daily lives."
“Of course, there are costs as well. As the metaverse evolves, they will try to minimize the potential for abuse, raise the level of consumer awareness, and put pressure on the companies tasked with building it. "
Technologists' tendency to prioritize product over safety is virtually impossible to turn off; at least up to a point, that is the reason for its success. However, if end-users demand that they take their security seriously, Lee suggests, technologists are going to have no antidote but to pay attention.
- Protect yourself against security threats with the best antivirus services available
//