Surviving the Metaverse In 2030
Tony Campbell, Sekuro’s Director of Research & Innovation. Tony has spent many years working in and researching cybersecurity, so our conversation was both detailed and practical.
Financial crimes, such as cryptocurrency attacks, money laundering and scams will be rife, and with NFTs used to prove asset ownership, the underlying technology platforms will come under a significant weight of attack. Highly motivated criminal and state-sponsored cybercrime gangs will build sophisticated teams of Metaverse hackers, who will target every kind of system, from the underlying technology to social engineering scams to try and get their hands on our digital assets.
Vast volumes of personal data will be collected through our digital interactions, and this isn’t limited to credit card details and health records. It will also include real-time streaming data from biomedical devices and the output of haptics and tactile sensory systems, all providing new and insidious attack vectors for exploitation.
Virtual hospitals are already selling real estate in their digital campuses, renting space on platforms to specialists to run their virtual clinics. It won’t be that long until an appointment with a GP requires you to stream data from a suit of medical sensors, giving the GP a real-time view of heart rate, blood pressure, ECG data, and blood O2 levels. The doctor will have a holistic view of your symptoms, which can be immediately cross-referenced and correlated with your entire medical history, your overseas travel records, your vaccination records, and your family history, as key genetic markers. Diagnostic medicine will advance significantly over the next few years, which will exponentially escalate this threat to our health data. An attacker with access to this data can completely hijack your identity. If an attacker can perfectly simulate your Metaverse avatar and even stream simulated medical data based on your biomedical identity, you don’t need to be Arthur C Clarke to imagine the ramifications.
Furthermore, if treatments are supported by AI and ML, and recommendations are proffered without human intervention, where does that leave medical insurance companies? With no one to blame if things go wrong, who does the patient hold accountable if the treatment causes harm? The programmer, maybe? The scientists who wrote the algorithms. These problems need legal and ethical consideration and solutions before they become mainstream.
Terrorism is also a major concern for the Metaverse, as terrorists have always attempted to exploit new technology to further their cause. The Metaverse will create new opportunities for terrorists to spread propaganda, undertake convincing recruitment campaigns and deliver immersive operational training. No longer will recruits have to travel halfway around the world to learn their ways, instead they will hook up their VR HMD and learn to plan an attack without ever crossing a border. Terrorist propaganda is already appearing in today’s early Metaverse platforms, with Europol reporting claims that “Nazi gas chambers have already been reported in Roblox.51.”
We’ve all heard of fake news, and it’s even become somewhat of a joke, but the potential for leveraging the Metaverse for disinformation and misinformation campaigns should not be underestimated. One particularly insidious mode of attack that law enforcement expects to escalate is the so-called, Overlay Attack. In this situation, attackers assume control of a user’s digital identity and hijack their environment, changing it to suit their needs. With complete control over what the user sees, hears, and interacts with, coercion, fake news and psychological manipulation become potent digital weapons.
Undoubtedly, the Metaverse will bring many amazing advances to both our personal and business lives, but as technology evolves, so do the threats. It’s vitally important that cyber security is a core design tenet for every single Metaverse solution. But we also need governments and technology providers to consider the laws, standards, regulations, and ethics of these platforms and provide law enforcement with the tools to tackle cybercrime on a global scale. Only then will we realise the Metaverse’s full potential, when people believe it is safe enough to use.
Tony has been in information and cybersecurity for a very long time and delivered projects and services across a bunch of different industries through a variety of different roles. Over the years, Tony has always tried to bridge the growing skills gap through his employment, by mentoring, teaching and working with other disciplines to help them understand the complexities of what we do.