The terms “metaverse” and “augmented reality” may conjure up images of people searching the streets at night for PokéStops or friends in headsets brandishing virtual sabers. Thanks in part to the popularity of games, virtual, augmented, and mixed reality technologies ( “immersive technologies” ) have gained popularity, but their uses go far beyond novel entertainment experiences. They are already being used to improve manufacturing, improve accessibility, increase access to education, and train healthcare and retail workforces.
The way we interact with one another and the rest of the world may change as a result of immersive technologies. In the future, family and friends could virtually explore a new city, take in natural wonders, or simply get together more frequently. Electrical utilities workers could use augmented reality technologies connected to smart city infrastructure to locate faulty grid equipment.
These intriguing potential advantages could also lead to new cybersecurity and privacy vulnerabilities that, if disregarded, could harm society and the economy.
In cybersecurity, there are digital technologies that use novel interfaces, protocols, etc. to enter new fields. can widen the attack surface and upset current trust balances ( i .e., the balance of risk mitigations ). These new technologies will also bring a variety of human factors into cybersecurity because they are clearly human. Think about how a phishing email can cripple you today, but how people who rely on the technology might be able to access it through similar attacks using something like an AR code and AR glasses. Additionally, immersive technologies might improve cybersecurity controls and mitigations. In contrast to handheld or desktop displays, which are more vulnerable to attacks, such as” shoulder surfing,” private displays like those used in AR and VR headsets can help preserve data confidentiality during the display of sensitive information.
These technologies rely on spatial and body-based information about people to function, which can pose serious privacy risks. This includes combining behavioral information about emotional and psychological states with biometric information used for purposes other than identity verification, such as eye tracking. Traditional privacy principles may also be constrained by immersive technologies. For instance, complex techniques can be used to measure physical data that is required for functionality. This restricts people’s capacity to comprehend and manage how their data is gathered and used. Integration with other emerging technologies, such as artificial intelligence, further complicates the particular situation where cybersecurity and privacy risks can develop and must be handled.
NIST will examine the state of immersive technologies in the upcoming months and solicit feedback from our stakeholders on cybersecurity and privacy issues. This work entails conducting a workshop, asking for input and comments from stakeholders, and then presenting the findings and suggestions for the next course of action.
As we work with the community to learn more about these technologies, we hope you will share your knowledge. We appreciate any feedback from interested parties. You can contact immersivetech]at ] nist with comments, feedback, and inquiries. Government ( immersivetech]at ] nist]dot ] Please keep an eye out for more information on immersive technologies from NIST!