Real-world risks in an augmented reality

From education and healthcare to gaming and the military, the relatively new world of augmented reality is expanding the way humans can learn, heal, play and win. The downside to this amplified version of reality is the reliance on data that can be corrupted or stolen. This blog will explore the cybersecurity risks of the new technology.

Blossoming from technological roots that stretch back to the 1960s, augmented reality (AR) is on the verge of going mainstream. Emerging commercial offerings such as Microsoft HoloLens and Vuzix Smart Glasses are attracting the interest of both businesses and individual consumers, and developers are dreaming up innovative applications for the technology. As with virtually every digital technology, however, AR introduces new security risks along with its benefits.

Unlike virtual reality, which fully encompasses users in a simulated visual world, AR overlays real-time, computer-generated visual, audio and haptic signals onto a person’s natural field of vision, hearing or sense of touch. Those overlays could be navigation data for a car driver or airplane pilot, schematics for an electrician doing repairs, or even a remote surgeon projecting her hands into the view of an operating surgeon to help guide him through a challenging procedure.

When considering risks associated with AR, most people think of user distraction as the most obvious danger. Projecting too many confusing images into a driver’s field of vision, for example, could clearly have disastrous consequences. Less obvious to many is the threat of hackers breaching AR systems, which could result in privacy invasions as well as digital data and physical security risks.

AR researchers have been aware of these cyberrisks for some time. A paper published in the April 2014 issue of Communications of the ACM raised warnings about many of these potential threats. For example, a hacker could compromise the output of an AR system, tricking users into thinking computer-generated objects are real – such as a false speed limit sign. Another scenario: Because AR applications require access to a variety of sensor data such as video and audio feeds and geolocation, a malicious application could leak a user’s field of view or location.

Two years after the ACM paper’s appearance, AR’s market advances are making the theoretical risks it discussed more pressing. A new report, 2016 Emerging Technology Domains Risk Survey, identifies AR as one of 10 technology domains that could result in significant disruptions (to safety, privacy, finance or operations) if breached. Produced by the Software Engineering Institute’s CERT Division at Carnegie Mellon University, the report includes one market researcher’s estimate that the combined AR/virtual reality market could grow to $150 billion in five years, with AR accounting for 80% of the total.

Given AR’s already-expanding role in everything from navigation to medical procedures, the CERT report notes: “The criticality of such systems makes any compromise a potentially high-risk event to victims.”

AR solution vendors, as well as organizations deploying those solutions, must address head-on the potential privacy and security risks that this technology can introduce. Fortunately, many existing security controls and practices – such as encrypting wireless data transmissions – can serve to protect AR system inputs and outputs. Organizations just need to have clear visions about how to overlay their existing security regimes onto the AR field.

Dwight Davis has reported on and analyzed computer and communications industry trends, technologies and strategies for more than 35 years. All opinions expressed are his own. AT&T has sponsored this blog post.
