Latest Release: Trend Micro Security 17.8.1121 for Windows is Here! Stay ahead of cyber threats! Upgrade Now!

tm_kree's profileBrand User
Trend Security Expert

Trend Security Expert


827 Messages


33K Points

Friday, May 21st, 2021 3:18 AM


Virtual and Augmented Reality Threats. Are we prepared enough?

Virtual and Augmented Reality Threats. Are we prepared enough?



Virtual and Augmented Reality, sounds futuristic, right? It is a new form of entertainment and also transforming experiences to make our lives easy. However, just like any new technology, it will be targeted for exploitation to be used for personal and monetary gains. With possible risks ahead, are we prepared to explore the world of Virtual and Augmented Reality?



Virtual Reality vs. Augmented Reality


Virtual reality is a simulated experience that can be similar to or completely different from the real world while Augmented Reality is not a simulation of reality – rather, it integrates and adds value to the user’s interaction with the real world.


Virtual Reality


ImageVR gif from Pexel



Augmented Reality



AR gif from PokemonGo






VR/AR systems can collect more personal information compared to others, and this can seriously affect user privacy.


1.  VR/AR headsets with live mics can record all conversations

2.  Head-mounted devices with always-on cameras can record videos of private spaces.

3.  Eye-tracking technology can record what a person looks at

4.  Possible biometric data collection


There are privacy policies that protect you from getting your personal information and would improve its accuracy over time, as more people buy AR and VR products. However, these guidelines are often vague, and many are generic company-wide policies that do not specifically mention VR and AR privacy at all.




Identity Threat


One security risk we are looking into is your personally identifiable information.

A good example is playing a VR/AR game where you can create a representation of yourself in a virtual world by answering specific questions about yourself.


In a future scenario, a malicious actor may copy your avatar, which is a digital representation of yourself. They can even use any facial gestures you shared and that level of detail can fool not just companies, but also your family and friends.



Altering Reality


Altering what can you see inside the VR/AR system could be a risk. Here are possible examples of how our virtual experience can be exposed to inappropriate content:

1.  Changing a red traffic light to green

2.  Injecting ads into people’s views

3.  Malicious actors trick drivers into thinking a road went straight when there is a tight curve coming up, causing serious accidents.


Fortunately, these are just imaginary scenarios for now. But how far are we from this kind of reality?’



Blackmailing and Sextortion


Malicious actors make use of the VR adult entertainment's popularity and resort to sextortion email. They would try to trick you into believing they have evidence you’ve visited adult websites and urge you to pay them so they don’t leak the content.

It is an unpleasant experience to receive such an email, keep in mind this is fake.



Malicious Spyware Apps


As long as there is a potential platform where apps can be installed, malware creators will definitely take advantage of it, creating Trojan apps that offer a VR/AR experience as a decoy.




How can we practice a safe VR/AR experience?


Don’t disclose information that is too personal or unnecessary! Be careful in providing your Personal Identifiable Information over the internet, make sure to understand first why you need to provide such information.


Review privacy policies. Do your best to find out how the companies behind the platforms you create accounts on store your data, and what they do with it.

It is your right to know and it is our responsibility to be well-informed.


Make sure you are using the Internet safely. Use VPN services to keep your identity and data private on the web. If you join any VR and AR online communities, be careful what websites you end up on. You should also be using a proactive Internet security solution, that makes sure every link you click is safe.




Trend Micro Researcher

Jose Ojinal

No Responses!

Need Help?

Ask the Community

Latest Tech Insights