Cyber Security Blog - Cyber Tec Security

Securing the Metaverse: The Risks and Repercussions

Written by Ella Taylor | Mar 25, 2022

If you haven’t heard of the Metaverse yet, you’re probably living under a rock. In October 2021, Facebook CEO, Mark Zuckerberg, announced that Facebook would be rebranding as ‘Meta’, describing it as the future of social, business, leisure and culture.

Zuckerberg defined the Metaverse as the moment when immersive digital worlds become the primary way that we live our lives and spend our time’. The things we do now - business meetings, lunch with friends, going to the museum could all take place in a virtual world. It might seem crazy to imagine this but that’s probably how people felt before most great leaps in technology - mobile phones, the Internet, the Cloud - all these were revolutionary.

The idea of a virtual reality universe has existed in media for some time now (think The Matrix, Ready Player One, Black Mirror) but it is Zuckerberg’s goal to make this a living reality by 2031, with over a billion signed up to the Metaverse platform.

Sounds great doesn’t it?

We thought FaceTime was impressive, imagine taking part in activities with long-distance friends and family as avatars in a virtual world!

However, one aspect of the Metaverse that many have begun to shine a light on, is how secure it's going to be. How will we know the avatar we’re faced with is who they really say they are? Is that really your colleague sitting opposite you in a business meeting or is it a competitor vying for information about your business? Or worse, a bad actor looking to steal corporate data? These are the kinds of questions that will need to be asked - and addressed - if we’re to fully commit to the Metaverse.

Increase in data harvesting: While it's common for companies at the moment to collect personal data like email addresses and phone numbers, operating in the Metaverse will likely mean a lot more data could be collected - things you say or look at, details about your body language and biometric information, for example.

New devices: working with VR requires the use of things like headsets, cameras, sensors and microphones which all have the capability to collect your information. New laws and regulations will likely need to be introduced regarding what kind of data will be held, but this increase in tech may leave some users feeling uncomfortable.

More endpoints for hackers to exploit: With these new devices, you also expand the attack surface for hackers and if they are not maintained and updated correctly, they could be vulnerable to cyber attack.

How will we ensure a safe and secure Metaverse?

Of course, Zuckerberg will be responsible for a lot of the security measures implemented in the Metaverse to reduce the risk of data breaches and cyber attacks as much as possible, but there are also things we, as consumers, can do to protect our personal information.

For those accessing the Metaverse from their home environment, it will probably help to set up a virtual private network (VPN) to better secure your home’s internet connection. VPNs work by encrypting incoming and outgoing data so hackers will have a harder time intercepting and compromising it. A firewall is another crucial bit of cyber security for preventing external threats. Think of it like a nightclub bouncer that sends away any troublesome characters and only lets the good kind of traffic into your home network.

If you know you’re guilty of poor password keeping, that’s something you’re going to want to sort out before you start using the Metaverse. Credentials are still one of the most common ways hackers pull off breaches, so don’t make it easy for them!

In the Metaverse, there may well need to be more substantial ways of verifying a user, for example, some sort of photo ID, as it would be all too easy for a hacker to impersonate someone and access the information they wanted.

Identifying a malicious hacker would be especially hard if everyone was accessing the metaverse via a VPN because your IP address is changed and activity is encrypted, so the need for something more to check each user is legitimate will be crucial to protect against things like identity theft.

Something Zuckerberg will definitely need to do if he’s going to make people feel confident existing in the Metaverse, is establish a set of rules and processes to protect users and encourage only secure and positive behaviour.

So who is going to be the voice of authority in the Metaverse?

The Metaverse is arguably closing the gap between the real world and online, so there must be a point where some sort of governance is required to monitor and moderate user behaviour. The vision is that we will be operating in a similar way to our realities - interacting with others, making purchases, attending events - so there’s got to be a focus on making sure this happens in as secure an environment as possible.

Giving users adequate control of their privacy and security will be a good start, as well as providing an easy way for users to report poor behaviour and make suggestions for improved safety features. There has already been a case of sexual assault within Meta’s VR social media platform, Horizon Worlds, showing that we almost have to start treating these avatars as real people in order to keep users safe. Meta have acknowledged this now, with the introduction of their Personal Boundary feature that is ensuring a 4ft distance between two users.

While it’s important that the Metaverse be policed in some way, the prospect of a company or individual controlling it is a scary thought, and one not many will agree with. Interestingly, there have already been some attempts made by volunteers to act as a VR police force, but they have already found that many are using the virtual world as a means of releasing pent up frustrations at real-world police units and this begs the question - will immoral behaviours have repercussions in the Metaverse as they would in reality?

What remains clear is that life in the Metaverse may well be just as unpredictable and challenging as life in the real world, and Meta and anyone else that will be responsible for making it safe will need to be prepared for this.

AR and VR technologies lead to a great number of security concerns, and for a company that has previously been under fire for neglecting the privacy of its users, Meta must get this right with the Metaverse. It’s not going to be easy, but judging by Zuckerberg’s forecasting, they’ve got another 5-10 years to come up with some solutions.

Only time will tell!