Cybersecurity Experts Weigh in on The Metaverse

Modern technologies. Close-up of VR headset laying on the office desk and near laptop and computer

Social virtual reality worlds like the Metaverse may pose security risks, particularly for children, according to a CBS investigative report. CBS spoke to Meta Platforms Inc., Arkose Labs, Cobalt.io, Epic Games, and others, concluding that the virtual reality (VR) world is replete with security risks.

Cybercriminals are already targeting the newly formed Metaverse to make money, steal personal data, as well as spy on people, and control devices with “launch camera” and “overlay attacks,” the report said.

Metaverse: Entertainment Reimagined?

One example of this new, youth-geared metaverse is the U.S. gaming colossus Epic Games’ Fortnite — a very popular game that received a $2 billion investment this week from Sony and Lego’s Danish parent firm. The two firms are set on co-developing a family-friendly Metaverse for kids, while many other companies such as Roblox see the Metaverse as reimagining the future of entertainment.

“A proportion of our investments is focused on trends we believe will impact the future world that we and our children will live in,” CEO of Kirkbi (Lego) Soren Thorup Sorensen said Monday.

VR experiences in the future “will likely seem more real” Meta’s Jason Rubin told CBS News in an interview conducted in a virtual reality space. “We [will] really become an immersive world,” he added.

However, several security experts have weighed in on the myriad of security and privacy risks in the Metaverse. Meta Platforms Inc., (formerly Facebook) had set out to responsibly build the Metaverse with a $50 million investment towards their XR Programs and Research fund for this exact purpose last year.

Security Experts Are Worried

Security experts are not as optimistic about the whole scenario. After all, they know cybercriminals will not be far behind the latest developments in the tech world where there is money to be made and personal information to be stolen, the report said. “We totally expect them to move into this,” co-founder of Arkose labs Kevin Gosschalk stated.

12-year-old Cooper Stone, like many kids, loves to play Fortnite via his VR headset today because he can go to VR concerts and “see famous and really cool people around the world,” he told CBS News’ Anna Werner.

Stone and his parents were scammed, though, when hackers breached his Fortnite account last year and “charged up his parents’ credit cards,” CBS News said. Most of the time, such scenarios arise due to malware, phishing, or password reuse between multiple sites, Epic Games responded. For these reasons, purchase controls for parents and checking all accounts for signs of compromise already applies to Fortnite, Epic Games said.

VR social platform risks can get more disturbing, for example when a hacker gains access to a VR headset, Cobalt.io’s Caroline Wong added. A hacker can potentially see into an office or bedroom, or spy on a home via a “camera attack,” Wong said. Meanwhile, an “overlay attack” can allow hackers to control what users see and hear, she said.

Safe Zones for Children

Metaverse content can sometimes be especially disturbing for children, like “finding guns in some user-created rooms and inappropriate metaverse graffiti images,” the report said. For these reasons, Meta told CBS News that “[VR] headsets are designed for children ages 13 and up with some experiences only for people 18 and up.”

In addition to that, parental supervision tools to monitor kids and teens’ activities, along with “safe zones” within the software to mitigate uncomfortable situations have been set up, Metaverse’s parent company Meta said. “Later this month, the company will offer a way for parents to lock specific apps that aren’t age-appropriate for teens” the report added.

“You can’t protect against everything” because the Metaverse realms are what they are, Wong said. “How long your eyes gaze at a particular digital object? Exactly what you click on, exactly what you type. All of that is being monitored. It can be monitored” Wong added.

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.