Intelligent CIO APAC Issue 30 | Page 45

CIO OPINION headsets and accessories also pose a threat to core data with the onboard software in those devices a very convenient red carpet to paydirt if they are vulnerable .
Security researchers from Rutgers University revealed ‘ Face-Mic ’ in early 2022 , the first study of its kind examining how voice command features on Virtual Reality headsets could lead to serious privacy breaches , known as ‘ eavesdropping attacks ’.
The work is fascinating , showing that threat actors could potentially use some virtual reality ( AR / VR ) headsets with built-in motion sensors to record speech-associated facial gestures , leading to the potential theft of sensitive information communicated via voice-activated controls , including credit card information and passwords . The root cause of the issue appears to be a lack of user authentication .
With the accelerometer and gyroscope not requiring any permission to access , intricate facial movements , bone-borne vibrations and airborne vibrations could be recorded and used to deduce everything from banking PINs to highly restricted healthcare records , depending on the patterns of the user .
In the Metaverse , every movement you make is a data point , and if access to it is possible through lax software security , the incentive for attackers to try their luck is enormous .
Smart contracts face smart ( er ) adversaries without compromise . There are growing metaverse microeconomies in various cryptocurrency communities , like Shiba Inu . To buy virtual real estate and other intangible products , smart contracts stored on the blockchain are utilised .
Mention ‘ blockchain ’ and most average people ( with a little tech-savvy ) understand it as a secure and anonymous system for what is , considered to be , the future of digital currency . There ’ s a little problem with that , however : no online fortress is impenetrable , and those smart contracts are no exception . They are essentially little programs , and they can be hacked .
Smart contracts are susceptible to exploitation thanks to a few common vulnerabilities , namely integer overflow and underflow , replay attacks and the ( very damaging ) blockchain-centric bug leading to re-entrancy attacks , the latter of which can lead to a user being drained of their stored crypto balance . All these attacks are made possible by poor coding patterns leading to exploitable vulnerabilities and insecure design fundamentals .
This technology will only become more widely used , yet we are going to struggle to find enough security-aware developers to ensure a secure , failsafe Metaverse . Organisations must understand the magnitude of their Metaverse participation , particularly if data and currency are at stake , and it ’ s difficult to imagine a scenario where this wouldn ’ t be the case .
It ’ s an unregulated environment , and you ’ re ( still ) the product
The meta-economy demands decentralization , dematerialization , flexibility and of course , security
Just as we have seen in movies , TV , Second Life and video games , a Metaverse environment allows
www . intelligentcio . com INTELLIGENTCIO APAC 45