The evolving Metaverse and related Cybersecurity implications

By Pradeep khanna, Founder & CEO, GLOBAL MINDSET, & Nick Tate, President, Australian Computer Society

While the concept of Metaverse has been around since 1992, it remained relatively dormant till 2019 except for being showcased in movies like ‘Matrix (1999)’ and “Ready Player One (2018)’. The rapid digital adoption during the pandemic gave rebirth to the Metaverse. when people all over the world were required to spend long periods of time at home learning, working, and socializing through technology platforms. However, it was when Facebook rebranded as Meta last year, when the Metaverse exploded in our lives and everyone all over the world wanted to know what a Metaverse is.

So, what is a Metaverse?  At this point in time, there are as many definitions of Metaverse as the number of people one talks to. Simply speaking, Metaverse is a digital world overlaying our physical world. In the Metaverse we are represented by our digital avatars. As Metaverse is a digital world, it gives us an ability to do literally anything as we do not have physical limitations.

Conceptually, somewhere in the future, we will be spending our time oscillating between the physical (real) world and the digital world. The relative time we spend in the two worlds will vary from individual to individual. We will own both real and digital assets and again the proportionate mix of assets will vary from individual to individual.

Many technology companies are building their own digital worlds which they are calling Metaverse. Business and companies are also looking at being involved /having a presence in these digital worlds (Metaverse). And many more are starting to develop offerings to facilitate entry /linkage to these digital worlds (Metaverse)

Some initial questions about the definition of the Metaverse are

  • Is the Metaverse just the digital world or is it a combination of the physical (real) and the digital world?
  • Do we define every technology company’s digital world a Metaverse or a Mini- Metaverse?
  • Is the Metaverse a total of all the digital worlds (Mini-Metaverses) being built?
  • Is the Metaverse a total of all Mini- Metaverses and the physical(real) world?

There are some other perspectives as well. Metaverse now represents a basket of emerging technologies which include AR VR XR, AI, Web 3.0, Blockchain 3.0. NFT, IoT and many more.

Web3.0 and Blockchain 3.0 represent a decentralised path where we own our data. In contrast, some of Mini-Metaverses being built by the tech companies are closed digital worlds. So, which will be the way forward – decentralised or closed digital worlds. Both will exist in some form and shape. The key will be interoperability between the many variations

It is early days and while the actual shape of the Metaverse will emerge in the years ahead, the journey has well and truly begun. We are seeing a massive new investment cycle currently underway.

The possibilities for the Metaverse are immense yet so, unfortunately, are the inherent risks. The global cost of Cybercrime in 2021 was estimated by Alessandro Profumo, head of Italian aerospace giant Leonardo, to be US$6 Trillion when he spoke at Cybertech Europe 2022. Some estimates suggest that it will exceed US$10 Trillion annually by 2025.

Cybercriminals will pursue whatever lucrative opportunities are available using the vulnerabilities of any systems that they encounter. Unfortunately, almost non-existent regulation and minimal standards leaves systems in the metaverse particularly vulnerable.  Whether it is being used for gaming or education or buying a ticket to a virtual concert, much of the activity in the metaverse has an economic value, which makes it attractive to potential cybercriminals.

A particular concern is the protection of identity. Much of the interaction with the Metaverse will be via VR/AR headsets and possibly haptic gloves. The data generated from these devices include head and eye movements and sometimes voices. This biometric data can be used to very easily identify the individual concerned, perhaps in some cases for genuine identity purposes. However, if it is not stored securely, then it could be vulnerable to a data breach resulting in the possibility of a cybercriminal gaining access to identifying information about an individual.

Not only might such information be used to gain unauthorised access to user accounts and applications, but it might also be used to impersonate an individual in a transaction. It is anticipated that avatars will be a medium of interaction in the Metaverse. Imagine if this biometric data were to be used to construct avatars which fraudulently emulated another individual, sometimes called a “deep fake”. This could mean that someone might find themselves unknowingly undertaking a transaction with a cybercriminal rather than the person that they thought they were dealing with. And it’s not just financial transactions that could be affected; as education moves into the Metaverse, online exams and assessments may be part of any offering. Clearly, the use of a deep fake avatar impersonating someone taking an exam has serious implications.

If these issues are not addressed at the beginning of developing the Metaverse, then there is a real danger that there will be a loss of trust, which will prevent effective use. To address the issues will require a concerted effort by Government, regulators, industry, and industry/professional associations to define the right standards and regulatory framework for the Metaverse.

It is interesting times indeed and so stay tuned for more updates

Pradeep Khanna and Dr Nick Tate

LEAVE A REPLY

Please enter your comment!
Please enter your name here