Blossoming from technological roots that stretch back to the 1960s, augmented reality (AR) is on the verge of going mainstream. Emerging commercial offerings such as Microsoft HoloLens and Vuzix Smart Glasses are attracting the interest of both businesses and individual consumers, and developers are dreaming up innovative applications for the technology. As with virtually every digital technology, however, AR introduces new security risks along with its benefits.
Unlike virtual reality, which fully encompasses users in a simulated visual world, AR overlays real-time, computer-generated visual, audio and haptic signals onto a person’s natural field of vision, hearing or sense of touch. Those overlays could be navigation data for a car driver or airplane pilot, schematics for an electrician doing repairs, or even a remote surgeon projecting her hands into the view of an operating surgeon to help guide him through a challenging procedure.
When considering risks associated with AR, most people think of user distraction as the most obvious danger. Projecting too many confusing images into a driver’s field of vision, for example, could clearly have disastrous consequences. Less obvious to many is the threat of hackers breaching AR systems, which could result in privacy invasions as well as digital data and physical security risks.
AR researchers have been aware of these cyberrisks for some time. A paper published in the April 2014 issue of Communications of the ACM raised warnings about many of these potential threats. For example, a hacker could compromise the output of an AR system, tricking users into thinking computer-generated objects are real – such as a false speed limit sign. Another scenario: Because AR applications require access to a variety of sensor data such as video and audio feeds and geolocation, a malicious application could leak a user’s field of view or location.
Two years after the ACM paper’s appearance, AR’s market advances are making the theoretical risks it discussed more pressing. A new report, 2016 Emerging Technology Domains Risk Survey, identifies AR as one of 10 technology domains that could result in significant disruptions (to safety, privacy, finance or operations) if breached. Produced by the Software Engineering Institute’s CERT Division at Carnegie Mellon University, the report includes one market researcher’s estimate that the combined AR/virtual reality market could grow to $150 billion in five years, with AR accounting for 80% of the total.
Given AR’s already-expanding role in everything from navigation to medical procedures, the CERT report notes: “The criticality of such systems makes any compromise a potentially high-risk event to victims.”
AR solution vendors, as well as organizations deploying those solutions, must address head-on the potential privacy and security risks that this technology can introduce. Fortunately, many existing security controls and practices – such as encrypting wireless data transmissions – can serve to protect AR system inputs and outputs. Organizations just need to have clear visions about how to overlay their existing security regimes onto the AR field.
Dwight Davis has reported on and analyzed computer and communications industry trends, technologies and strategies for more than 35 years. All opinions expressed are his own. AT&T has sponsored this blog post.