The Security risks with augmented Reality and ways to combatSunil Gupta
Augmented reality is going mainstream. In the most simplistic terms, augmented reality or AR can be defined as a technology which overlays a computer-generated image on a user's view of the real world, thus providing an amalgamated or composite view. As more and more developers the world over are building innovative applications for the technology, more and more security risks are rearing their ugly head. Like every other digital technology, AR isn’t free from security issues. Breaching of AR systems by hackers can have horrifying implications.
While virtual reality creates a totally artificial environment, AR overlays computer generated information, audio, video and haptic signals onto a user’s usual field of vision, hearing or sense of touch. Such overlays can be in the form of - a physician located at a remote location using AR technology to guide a surgeon through an operation procedure or maybe a navigational data to guide a pilot.
As augmented reality marries the digital world with the physical world by overlaying the later, cyber security risks can seamlessly travel and move over to the physical world. A compromised navigational data can lead a driver to do things he normally wouldn’t have done. The risks are much higher if it’s compared to virtual reality because there nothing is physical and what person sees is only an imitation of the real world. In case of augmented reality, only one part is simulated or computer generated, and the remaining parts are all physical.
Exploitation of AR systems, therefore, can have very serious implications. For example, a hacker can manipulate a navigation system to show the driver a false computer generated speed limit signage or a wrong road route. Or for that matter, a malicious application can leak a person’s geo-location or field of view to criminals with ulterior motives. AR is very much capable of causing ‘significant disruptions (to safety, privacy, finance or operations) if breached’, as put forward by report titled, Emerging Technology Domains Risk Survey.
A typical augmented reality architecture includes browsers, channels and servers. Like web browsers, AR gateways extract and display website content, they also allow AR channels or applications to get admission to sensors, develop graphic objects and integrate visuals into a given user environment.
AR’s vulnerability to security risks can be attributed to these following factors:
Unreliable content - AR browsers simply facilitates the augmentation process but the content is created and delivered by third party vendors and applications. This brings up the question of unreliability as AR is a comparatively new domain and authenticated content generation and transmission mechanism needs to be proven. Variety of cyber threats like spoofing, sniffing, data manipulation and man-in-middle attacks can make the content unreliable even if the source is authentic.
AR lacks a uniform or standardized security standard. Augmented Reality Markup Language (ARML) doesn’t have comprehensive security controls and neither are they followed universally.
Additionally, AR portals depend on web browsers, but these browsers do not support AR functionality. To make AR options available, developers come up with tools which disable Web browser security filters, thereby making such browsers susceptible to security threats.
How can you enhance AR’s security
Typically, AR hackers directly embed malicious content into applications via advertising. Many attackers control the AR channels directly. Unsuspecting users may click on such ads that leads to hostage websites or malware infected AR servers that houses untrusted visuals. There are also network attackers who can monitor interactions between AR browsers and users.
Augmented reality services should limit channel registration policies, implement accurate filters for image recognition and provide information on AR content origin before any page is downloaded.
There’s a lack of interoperability between augmented reality components, so direct browser-to-server communication is hard to establish and most AR servers present today does not have strong security protocols in place protect user information, identity and data. These are some of the fundamental issues that need to be addressed to keep AR users safe. The number of AR applications downloaded on to smartphones and tablets will reach 2.5 billion by 2017, so securing these applications is imperative.
Augmented Reality and Security Concerns