Will VR Be the Death of Personal Space and Security?
Learn about the dangers of using VR in the healthcare industry and learn how a GIF used in a VR headset was ruled to be a deadly weapon.
Join the DZone community and get the full member experience.Join For Free
In a world where advancement and improvement are key, the demand for novel experiences continues to grow. Our culture strives for not only improvements in technology we currently possess, but advancement into the realms of tech that was once thought to be nothing more than unattainable dreams. With this advancement, however, comes great responsibility, and the question of whether or not the giants of the tech industry are actually capable of harnessing the power they’ve provided our culture with.
Nowadays, the need for strict security measures is vital, but are we actually holding up to these standards? And if not, what does that mean for the average consumer buying these advancements on a daily basis? For companies like Sony and Microsoft, virtual and augmented reality are the newest endeavor into the unknown, but perhaps it is still too early for such technology to be readily available. In fact, despite the VR market distributing over 6.3 million headsets in 2016, many security specialists fear that this technology is still not as secure as these companies claim it is — and the effects this lack of security may have on our society could be nothing short of disastrous.
How Does It Affect the Consumer?
Last year, over $2 million was invested in the virtual and augmented reality industry due to the sheer supply needed to meet the demand of these devices. On the subject, Ben Smith, CEO of Laduma, stated, “As new developments are rushed to market in order to gain a lead on competitors, there is a risk that mistakes are being made.” The truth is that these devices are not as safe as they are marketed to appear. Because the demand for these devices is so high, many companies rushed them to market without truly meeting the security standards required to be successful in the long-term.
The main security concerns for virtual reality headsets come in three forms: visual terrorism, botnets, and phishing. Visual terrorism is fairly simple to understand due to the fact that it truly isn’t rocket science to realize that you can be visually attacked when your face is millimeters from a giant immersive screen. With the most recent visual attack on Newsweek journalist, Kurt Eichenwald, resulting in a GIF being determined to be a deadly weapon in the court of law, it is no surprise that many specialists fear VR could soon be used in the exact same way.
In this case, cyberstalker John Rayne Rivello sent Eichenwald a GIF consisting of a series of flashing colors on Twitter, with the quote, “I hope this sends him into a seizure” sent directly afterward to one of his friends, as well. Eichenwald suffers from epilepsy and, after seeing the GIF, he experienced a severe and nearly fatal epileptic seizure.
The court later ruled that said GIF had been used as a deadly weapon and convicted the man of assault with a deadly weapon for the incident. This case strikes up a rather disturbing (yet true) fact about virtual reality devices, which many of the companies manufacturing these products seem to have forgotten about which is that this device can easily be transformed into a weapon if in the wrong hands. Some of their players have already experienced nausea and severe migraines simply by playing the games provided by these tech giants but what if a hacker were to create imagery specifically made to attack individuals more susceptible to VR illness or even epileptic seizures? This is where visual terrorism begins to unfold and the fear related to it finally makes sense.
When it comes to botnets, the same lack of security standards turns VR devices into targets. Last year alone, countless malicious malware attacks were caused by none other than botnets, including the Mirai malware attacks that actually set records never before seen. Mirai malware uses a table of nearly 60 common factory default usernames and passwords to target devices with weak security and infects them with the malware. From there, these devices monitor a command and control server to bypass anti-DDoS software. By targeting cameras and cell phones with weak security, these botnets were able to infect many devices with the malware without triggering any of the software put in place to deflect it.
The problem with this is, simply put, that VR headsets could easily be infected and lead to massive data breaches and malware attacks, which could shut down entire companies, destroying their stocks in a matter of hours. For the consumer, this could mean not only that their device is no longer functional, but that their personal information is now up for grabs by whoever chose to attack in the first place.
Lastly, phishing is one of the most common and likely forms of a VR attack that security specialists fear will soon occur. Phishing is a technique in which hackers create false identities in order to trick individuals into doing things they would not normally do. For instance, by hacking into VR headsets and using fake virtual objects or pretending to be updates for the system, consumers may unwittingly deploy Trojans into the network or leak their passwords to hackers. This could make for a far easier entryway for hackers to manipulate data in the cloud.
With virtual reality hacking becoming a major concern, it is important that we analyze how exactly we can strengthen these security standards — not only for the consumers utilizing this technology but also for the professionals taking a chance by incorporating this tech into fields that put it into contact with sensitive information, such as company data and even patient information.
How Does It Affect the Healthcare Industry?
With telemedicine and technology in the healthcare industry becoming so prevalent, it is no surprise that VR has made its way into the equation. In fact, virtual reality headsets are already being used to rehabilitate stroke victims, and even to help medical students learn more about the human body and surgery without actually being present with a live patient. However, the main issue with this is, once again, the security of the connection.
By connecting these devices to the same databases that hold all of the patient records, a gateway is formed for hackers to access information on any patients within the database and use it against them. In turn, they can steal the identity of any of these individuals, or even sell the information to others on the black market. With the digitization of nearly everything nowadays, it is all the more crucial that we mitigate the risk of electronic health records and the weak security of devices that could access them at any given point in time. This information is certainly not something to mess around with, and could even lead to the death of countless patients within the breached facility.
Furthermore, not only could cyber criminals access patient records but they could also hack into any and all electronic devices also connected to the same network. Whether they choose to hack into the VR headsets themselves to attack individuals more susceptible to strokes and seizures, or they choose to attack computed tomography (CT) machines to hurt individuals using radiation, these devices that we plan on connecting to the IoT in only a matter of years could quite literally lead to the death of hundreds of individuals.
Unfortunately, new technology is highly important in the healthcare world meaning that the use of virtual reality for all kinds of previously dangerous procedures could be life-saving in itself. However, until the devices are secure, the risk of being hacked remains a major one. For instance, many individuals have begun to utilize virtual reality for training in a far more realistic manner regarding future surgeons. Because of this, many young surgeons are learning how to perform operations that are typically considered quite difficult otherwise. A perfect example comes in the form of hernia mesh operations which, before, were considered extremely dangerous due to organ removal, nerve damage, and other serious side effects.
Now, with the use of virtual reality headsets, on the other hand, these surgeons are able to not only see other doctors perform these considerably dangerous operations firsthand but also potentially be able to perform the operations virtually if need be in the future as well. This could mean thousands of doctors being able to stay at home and enjoy their lives whilst still helping their patients and staff. In the end, however, the security concerns are too strong currently for most hospitals. Furthermore, with the latest ransomware attack being the largest in the world and directly affecting 16 different hospitals in the NHS, it’s no surprise that new technology is being put under a scrutinizing eye in the healthcare world as of today.
How Does It Affect Business?
In 2016, 45 percent of all breached organizations were in the business sector. The main reason for this comes in the form of cloud technology and the internet of things (IoT). With a rise in both the popularity of wearable technology, as well as telecommuting, an increasing number of careers where you can work from home are opening up, including jobs in web design and the healthcare industry. However, the use of weak devices connected to the same cloud their companies are connected to is exactly why a rise in data breaches in the business sector has occurred.
When employees connect devices such as cell phones or wearable tech to a company site and various other pages in which their company’s data is vulnerable, they open a gateway to the business’ sensitive information. With this access point, hackers can easily steal said data. In turn, these hackers can find out information about not only the employees and the company itself but also about their clients and personal information, such as financial data. Now, multiple companies have begun to consider the idea of using virtual reality in business to improve the way they secure their data, as well as the way their employees work both in and out of the office. From using devices to work with 3D models for product testing without wasting the excess paper and supplies that is used to build them in real life to virtual data recovery, the opportunities for VR in business are endless. However, with these headsets being so clearly weak in security measures, they open up an entirely new way for these various companies to be breached. VR could lead to massive hacks larger than even the likes of the DDoS attack on Dyn or Krebs on Security.
Using any of the methods above, these hackers could quite literally open up an entire company’s database and receive information on the identities of employees and clients, as well as the financial information needed to physically steal from them. With data intrusion becoming very popular as well, these breaches could take years for companies to even notice them and, although many companies use databases with strong security measures such as Filemaker 16’s new security features, there are many companies that are completely unaware of the weaknesses their online databases contain. Although businesses affected by breaches may lose mere pennies at first, the things cyber criminals might intrude upon could bankrupt entire companies without them ever knowing why in little to no time at all.
Furthermore, this could significantly affect particular industries as well such as the auto and phone industry as it means that devices which are also weak and connected to the same network as these VR headsets will be directly targeted in cyber attacks. For instance, with the big news arising that the first autonomous vehicles are coming to Texas, this means a myriad of cars that are connected to the IoT and, due to the fact that this is new technology. Likewise, the security more than likely is not up to par in these cars just yet either. With this being said, a hacker could easily hack into the network the car is connected to and then control the car from afar meaning terrorist attacks could actually be piloted by our very own cars.
Lastly, with the prevalence of utilizing wifi extenders and wifi calling, it is no surprise that many phone carriers are well aware of the negative effects these headsets could have on their industry. For instance, due to the fact that these calls rely on a connection to a network and these devices are weak and often the leading cause of DDoS attacks and Malware attacks. Likewise, this could mean that a hacker could easily use these devices to create an entirely infected network and use this to their benefit in the process.
In the end, this ‘power” only lies in the hands of one industry — the one that created it. These tech giants may be making billions on the virtual and augmented reality devices they created, but, without the security measures in check to ensure they stay safe, it truly means very little in the wider scope of things. The most important thing to keep in mind is what exactly makes these devices so weak, and how we as a culture can counteract their weaknesses.
After all, you don’t have to throw your virtual reality headset in the trash just because the security measures aren’t up to par. Instead, the best way to keep your device and ensure your safety is by using difficult to figure out passwords, not trusting popups of any kind, and by avoiding any and all payments via the device as well. By doing this, we can enjoy the advancements technology have afforded us without paying the biggest price in return.
Opinions expressed by DZone contributors are their own.