Virtual reality security and privacy concernsLike any connected device that’s part of the Internet of Things, some VR platforms will likely be designed without essential security mechanisms. Remember the Mirai malware that made millions of connected cameras part of a botnet? The same could happen to IP-enabled VR headsets. Additionally, communications between VR devices and servers might be sent unencrypted, as was the case with the OpenSim platform, an open 3D application solution being used by the U.S. Army. We all know smartphones can surreptitiously collect information on where we’ve been and when, who we’re talking to, and what we’re interested in. In the future, if VR headsets become ubiquitous, everyday devices (perhaps like a slimmer Google Glass), then someone might be able to track what you’re watching at any time. For example, one day it could be possible for auto insurance companies to deny you coverage if the sensors in a VR device suggest you suffer from slow reaction times. Additionally, remember when a series of flashing strobe lights in an episode of Pokémon caused seizures in hundreds of Japanese schoolchildren? What happens if someone hacks VR headsets and launches a visual attack that could cause adverse real-world reactions? There could be various ways hackers put individuals into harm’s way if desired.
What can be done to make VR safer?Up to this point, there hasn’t been wide scale discourse among IT professionals around potential VR security issues in businesses. But with the wide array of unique data, privacy and health security risks associated with VR technology, we’ll eventually need to have the conversation to get security right. In the meantime, there are a few precautionary steps organizations can take to improve security of VR devices. For example, before adopting VR or any new IoT technology, companies should examine the track record of the manufacturer and ask questions about whether the device’s firmware and software have been hardened to protect against prying eyes or malicious actors. Additionally, companies might want to wait a bit if there’s no immediate need to adopt VR technology, so the early bugs can get worked out in order to reduce security risks. As with any revolutionary technology, companies, human behavior and the law will have to adapt to keep up with any associated changes brought on by VR. Only time will tell if virtual and augmented reality devices will play a big role in our futures or if they’ll remain in our imaginations and sci-fi movies. Either way, IT professionals and the general public should start considering the security risks and impact of virtual reality now, so we can be prepared if they do become part of our everyday lives.