The most recent craze in Big Tech’s surveillance industry is the metaverse. According to Gartner researcher Mark Ruskin, access to the metaverse for commercial purposes won’t begin until the 2030s. Gartner predicts that by 2026, 25% of the world’s population will spend at least an hour online, whether for work, play, or socializing. When the metaverse finally materializes, a slew of brand-new issues about user security, privacy, and health are expected to arise.

What exactly is a metaverse?

The metaverse is “a communal virtual open space, generated by the merging of virtually enhanced physical and digital reality,” per Gartner’s description.

Mark Zuckerberg, CEO of Meta, said in an interview with MIT professor Lex Fridman that “many people think that the Metaverse is about a place, but one meaning of this is: It’s about a period when essentially immersive virtual worlds become the main way that we live our lives and spend our time. That is a reasonable construct, in my opinion. Hopefully, Zuckerberg is mistaken, and the metaverse never replaces how we spend our time and live. But whether we like it or not, the metaverse will evolve. Therefore we should be ready for the results.

Zuckerberg acknowledges the security issues that the metaverse inevitably raises. People won’t want to be impersonated, he added to Fridman. That poses a serious security risk.

Age verification, bots, and hijacked accounts will undoubtedly be significant concerns.

The enormous quantity of financial and personal data gathered while we work, socialize, and shop in the metaverse can now be supplemented by biometric data. For user authentication, biometrics, such as fingerprints, facial recognition, and retinal imaging, is already being investigated by Zuckerberg and others. Confirming that users are who they claim to be will be essential for metaverse producers and stakeholders.

Social engineering will become widespread.

Social engineering attacks will flourish in the metaverse. Users in the metaverse resemble avatars. Therefore it stands to reason that bad actors would try to steal, falsify, or manipulate these avatars. It is logical. An attacker may then ask the victim’s coworkers for information after taking control of the victim’s avatar.

In the modern world, if a coworker’s email is compromised, a malicious request or phishing attempt could originate from that compromised email. It is unclear how well coworkers will be able to verify the validity of one another’s avatars, and it may be challenging to spot a stolen avatar in the office. A request coming from a hacked avatar will probably be more difficult to recognize in the metaverse.

In the end, fraudulent activity by bad actors will be made easier by the widespread use of avatars. It will also be simpler for these players to conceal their illegally obtained wealth within the metaverse, given that bitcoin transactions are frequently used.

Also Read: You Should Be Aware Of These Metaverse Security Issues

Safety issues

In an internal memo, Meta CTO Andrew Bosworth acknowledged that controlling conduct in the metaverse “at any significant scale is unachievable,” according to The Financial Times. Even if this occurred in March 2021, it doesn’t provide much reason for confidence, especially when one considers Meta’s safety record inside its legacy businesses, particularly Instagram.

Moreover, the first reports on the security of the metaverse have not been promising. According to the Center for Countering Digital Hate (CCDH), the highly rated Facebook app VR Chat contained harassing, racial, and sexually explicit content.

Regulators and public authorities are already debating whether crimes committed in the metaverse should be punished in the actual world because the metaverse seeks to duplicate much of the physical world. Sultan Al Olama, the UAE’s minister of artificial intelligence, stated earlier this month that significant metaverse offenses like murder should carry real-world penalties.

What lies ahead?

The metaverse is similar to the dot-com bubble when businesses flocked to purchase domain names. Similarly, businesses are already flocking to raise corporate flags in the metaverse. This, however, has slowed considerably in recent months, indicating that the metaverse may be a passing trend. For instance, Decentraland and The Sandbox recently had record-low land sales volumes.

The metaverse is a developing attack vector but must be regarded seriously. IoT and edge devices will gather personal and financial data, which will be processed at 5G speeds. Social engineering attacks are anticipated to be widespread; user privacy will be in danger, and safety is a major concern. Even if the “metaverse business,” as Gartner terms it, does materialize, it will be rife with security, privacy, and safety minefields. The director of AI research of ManageEngine, the enterprise IT management branch of Zoho Corporation, is Ramprakash Ramamoorthy.