The Metaverse: Technology, Privacy and Security Risks

The Metaverse: Technology, Privacy and Security Risks, and the Road Ahead

12 Apr 2022

By Professor Roberto Di Pietro

The Metaverse: Technology, Privacy and Security Risks, and the Road Ahead
The Metaverse: Technology, Privacy and Security Risks, and the Road Ahead

What is the metaverse (MTV)?

A metaverse is a combination of persistent, multi-user, shared, 3D virtual spaces that are intertwined with the physical world and merged together to create a unified and perpetual virtual universe. Users enter the metaverse with avatars, and can interact with each other and with the items, applications, services, and businesses that the metaverse contains. In particular, the metaverse is currently seen as the next evolution of the Internet. That is, a technology-empowered, cyber-physical Internet 3.0 capable of surpassing the mobile Internet paradigm. This vision of the metaverse as the next evolutionary leap of both our physical and digital networking capabilities—and thus, also of our social life— perfectly explains the massive hype and the spasmodic attention that built rapidly around the metaverse. 

Metaverse-enabling technology

With the advent of the metaverse, access to online virtual spaces will initially be possible via Augmented Reality and Virtual Reality technologies. Indeed, two of the key and distinguishing features of the metaverse are its pervasiveness and immersiveness, reached via an unprecedented merge between the virtual and the physical worlds. One area where rapid technological progress is expected is the interfaces that will allow interacting with the metaverse. These include the technologies and devices used for inputting commands to, as well as for receiving feedback from, the metaverse. Among them are brain-computer interfaces (BCIs)—that is, neural interfaces designed to collect and process the electrical signals generated in the human brain as a result of some cognitive activity, and to convert them into meaningful inputs for an external computer or apparatus. The metaverse will eventually involve multi-sensory experiences and feedback, whether by means of brain implants or via other technologies, for example haptic devices (mechanical devices that mediate communication between the user and the computer). For instance, sensory systems will provide metaverse users with force-return effects that mimic the physical interactions in the real world, depending on the outcome of their actions in the 3D virtual world. To this regard, the metaverse will represent the next evolutionary step in our capacity to deliver and consume not only multimedia, but also multi-sensory content—a logical evolution with respect to what we have already experienced. 

Security and privacy issues

If social network users are the product of today’s Internet, in the metaverse literally everything and everyone will be the product. Social networking platforms currently act as powerful magnets for web users. Similarly, the metaverse will be an exponentially more powerful magnet for (even more) users, as well as for content creators, entrepreneurs, and businesses alike. The exposed consideration raises major concerns over the amount and type of data that such a massive platform could collect. As an example, personal information collected from social networking platforms are already used for doxing—that is, the practice, or the menace, of revealing private information of a victim with the aim of extortion or for online shaming. Given that the metaverse will provide much more personal information about its users, not only to the platforms, but also to other users, how will we keep doxing at bay? Notably, personal and sensitive information that will leak through the metaverse will include a plethora of real-world information about user habits and their physiological characteristics. While these are difficult, if not outright impossible, to obtain in the current Internet, they will be much more easily acquired in the metaverse, as a result of the tighter bond between the virtual and physical worlds. 

Security. The major security issue raised by the metaverse is tied to the fact that the level of integration of different systems would be unprecedented. Such a necessary integration would, on the one hand, dramatically enlarge the attack surface, while on the other hand it would require novel and complex access control methodologies. Other topics that will deserve specific attention, relate to the authentication of the users in the metaverse (while at the same time preserving their privacy). Finally, with the metaverse, social engineering attacks will likely become even more convenient and powerful, and thus, more frequent. In addition to social engineering, the metaverse raises additional concerns related to the privacy of user behaviors. Spying and stalking are practical examples of this kind.

Countermeasures. The immersiveness and pervasiveness of the metaverse produce a completely different context with respect to current technology. Hence, current privacy and security solutions only partially solve the privacy and security issues. The metaverse technology, architectural, and application domains are calling for further research that could help address these key issues.

The road ahead

At present, the metaverse is not yet realized. Although, it is not just a concept: it is a plan that is being implemented by Big Tech companies: Meta (formerly Facebook) and Microsoft have started pouring in billions of dollars in investments. Meta alone has disclosed plans, and has even started, to recruit 10,000 highly skilled technicians to realize the first version of the metaverse. Microsoft has started acquiring companies that already work to realize the metaverse, paying billion-dollar sums. 

So, the metaverse is a reality that is coming, bringing with it a host of challenges and opportunities, such as rethinking the services industry, the manufacturing, and the entertainment domain. Though, it brings with it security and privacy risks to an extent never experienced before. What directions the multiverse will take cannot be predicted. What can be predicted is that, regardless of its development directions, there will be a need for highly skilled technicians and savvy managers, and that is where Qatar can play a key role, given its world-class investment in education and research. For instance, at Hamad Bin Khalifa University (HBKU), we educate leaders of the future in the ICT, legal, and ethical fields. These leaders will be in an excellent position to drive the multiverse development, as well as to leverage the opportunities that it will create, helping Qatar to advance robustly toward a knowledge-based economy, and to reinforce the country’s presence in the segment of high value-added services and products, an objective the country is steadily progressing toward achieving. 

Dr. Roberto Di Pietro is a full professor of cyber security at the College of Science and Engineering at Hamad Bin Khalifa University

This article is submitted on behalf of the author by the HBKU Communications Directorate. The views expressed are the author’s own and do not necessarily reflect the University’s official stance.