Is the metaverse safe?

Is the metaverse safe? 

If it isn’t clear by now, it will be soon: the metaverse is coming. While still only a concept, all this talk about virtual worlds, brain chips, tactile interfaces and artificial intelligence (AI) can only mean these technologies will soon come together. Many folks will get wrapped up in this merger of the virtual world with the physical world once the metaverse fully arrives. Unfortunately, anytime new and exciting technologies emerge, cybersecurity is often an afterthought. Cybersecurity will be the Achilles heel of the metaverse. Without a total base-level security build, the entire metaverse will face significant issues that could take years to unravel. 

Welcome to the unsafe metaverse  

The first known mention of a metaverse came about in science fiction back in the 1990s. More recently, Facebook stepped in and transformed itself (and its name) towards a new concept of a personal, customized, and interactive virtual world that it is building while burning $500 billion of market cap in the process.  

Unmute 

By most definitions, however, the metaverse will be a place where physical meets virtual and boundaries between the two become increasingly faint. It will eventually incorporate our world of work, our friendships, where we shop, how we spend our free time, what we eat, how we learn, and countless other applications. The metaverse will have access to our most private information and habits. As people begin to live in these virtual worlds, the metaverse will be able to learn a lot about us, others, and things we would barely consider today.  

If the metaverse is an inevitability, then it is our moral obligation to build one that is safe, private and secure. With the advent of the metaverse, we are going to have to rebuild, redefine and relearn so many things we take for granted in the “real world.” 

What does it mean when you close and lock your front door? Or how about your call screening? How do the security protocols in your life look when you are at home versus how they come in when you are in a public place? How do you know who you are talking to?  The metaverse has so many unknowns that it just cannot possibly be considered safe, by any standards.  

The wild west of the metaverse  

Cue the image of Clint Eastwood for this — at this moment, the metaverse is the wild, wild West. A lawless land that few dare venture into — but just like the old west, some people are ready for the metaverse. Instead of old-fashioned bandits and outlaws, they’re called hackers, scammers and various other names.  

Nefarious types historically gravitate to new technologies in search of opportunities. Already, there are reports of scams in NFT transactions, fraud in Ethereum addresses, and several other types of abuse. Now please remember, all Facebook did was change their name to Meta.      

Where was their plan and commitment to privacy, security or mental health of the users? Crypto, NFTs and smart contracts will undoubtedly be a fundamental part of the metaverse construct. Cyberbullying, doxing, ransom scams and other familiar schemes will also swiftly make their way over to the metaverse and they will be there early. Criminals are attracted to an environment where rules don’t exist, and victims have limited rights. 

One of the biggest risks in the metaverse will be data security and privacy. Before the metaverse, layers of abstraction existed, thanks to the physical world and our carefully balanced engagement through smartphones, computer systems, and apps. In the metaverse, significant engagement will run through artificial and virtual reality systems, creating a nexus point of data that is ripe for targeting. Data collection alone is cause for significant concern, with biometric, behavior, financial, profile information and troves of additional personal information built in.   

Garbage in, garbage out  

If you have been in information technology long enough, you are familiar with the phrase garbage in, garbage out. It’s a bad way of doing things and before we start packing up and moving to the metaverse we must make sure we will be ready for things such as:  

•       Social engineering. As we’ve seen in corporate and individual scenarios, social engineering can lead to a massive loss of data, loss of access, and have financial implications. This is among the primary vectors for data breaches.  
•     Blockchain security. Blockchain itself is strong on the validation of transactions and data. However, the integration of blockchain is an additional concern that bears scrutiny. For example, with just a bit of misdirection, an infiltrator can stage the interception and ownership of data. The network, identification, validation, and supporting DNS structures are examples of technical elements that must be secured. 
•     Privacy concerns. The issues that plague us on the web and in databases everywhere will plague us in the virtual world. Data collection, retention, and sharing are just some of the examples that require definition, the establishment of individual rights, and regulation. 
•       Digital boundaries. Users must maintain their rights of privacy and engagement with others. This matter could be complicated by the fact that there are no countries in the metaverse and no corresponding jurisdictions now. 
•       Security on data transactions. From purchases to smart contracts, a binding construct will drive the exchange of data. The security of these transactions is critical to the success of the metaverse. Time will tell the extent of how general transactions may be regulated, taxed, and reported. 
•       Identity of users. We are, in the physical world, what we are. Our being is tangible. One of the things that will have to be determined is what happens when an exact copy of your digital self is created or restored from a backup. If there’s a conflict, what version should continue to exist? What if a corrupted or erroneous copy comes into existence? What if that copy is intentionally modified or unintentionally wiped out?  
•       Identity of others. Metaverse existence begins with avatars, a visual and perhaps audio-based representation of whatever that opposing creator put together. That user’s identity is questionable until you can confirm who they are in some real-world way that you trust. What about the inevitable presence of bots as we saw in the “meme stock” sagas? Are they friendly bots? Will you even know when you are engaging one? 

Concerns unchecked  

Let us not spoil what the metaverse can be by leaving these security and privacy concerns unchecked. Let us minimize, and hopefully avoid, the deafening noise and infiltration of non-human influence found on social media channels and online forums. The best metaverse is a genuine metaverse forum for humans void of bots and hackers.   

The metaverse is a concept that is launching lots of discussions and it is a likely part of our collective futures, but it needs to be a force for good. For now, the concept is vague, but the cybersecurity challenges ahead of us are clear, and we can act on those right now. 

Check out this piece, originally published in Forbes, here and follow me on LinkedIn.