The Dark Side of the Metaverse: 10 security risks

Meta, Microsoft, Qualcomm, Telefónica… the main technology companies are already investing resources in the metaverse, which is positioned as the big trend with which to offer new experiences to users for the coming years.

Its potential is evident, as is the need to secure this space to prevent cybercriminals from taking over yet another universe.

The hyper-individualisation of content and anonymity are two of the characteristics of the metaverse that could fuel criminal behaviour. This is what Prosegur Research warns in its report Lights and Shadows of the Metaverse. Specifically, ten are the main security risks that exist in relation to this innovation.

As it is an “unregulated economic space”, it is particularly attractive to criminals. “The lack of knowledge on the part of users and companies can facilitate the success of scams through deception supported by technology”, warn Prosegur.

To this must be added already known threats, present throughout the internet, such as ransomware that hijacks computers and encrypts data to demand a ransom in exchange for their release.

Inhabitants of the metaverse could also fall victim to “phishing” through the theft of sensitive data, both financial and biometric.

Another related risk is the use of avatars by malicious individuals to carry out “extortion” schemes. Recording interactions and conversations could be used to threaten the publication of personal information.

“This technology provides a greater sense of immersion that makes it easier for coercion and manipulation schemes to have a greater impact on victims,” security experts warn. This can lead to “perverse gamification”, placing users in compromising situations without really wanting to, such as accessing restricted areas.

On the other hand, the hyper-individualisation of content associated with this technology, which offers a very specific view of the world, can lead to “social and political polarisation”. This is evidenced by the possibility of blocking images and audio that are contrary to the ideas of each particular individual.

All of this opens the door to the “recruitment and radicalisation” of metaversians for incorporation into dangerous organisations, which is aided by the sense of anonymity due to the absence of communication records.

The metaverse, at the same time, facilitates simulations and the transfer of ‘violent behaviour’ from the real world, such as harassment or abuse, to the virtual sphere.

In the same vein, it could enhance ‘criminal e-learning’, the transmission of knowledge and the planning of criminal operations through the replication of attack scenarios, flight simulations or the authorities’ own response forecasting.

Another concern is the “exposure of minors”. “Although the avatar lacks physical presence as such, the fact that interactions between users are real and can take place unsupervised increases the likelihood,” according to Prosegur Research, of circumstances such as “curious minors being exposed to all of the aforementioned risks”.

Finally, there are the “physical risks”. The metaverse is intangible, but its consequences are not. This includes risks to the health and integrity of users, from dizziness and falls to loss of visual coordination or the appearance of sequelae from abusing the technology.