Skip to main content
Tech Radar
  • Tech Radar Pro
  • Tech Radar Gaming
Tech Radar Pro TechRadar IT Insights for Business
Subscribe
RSS
(opens in new tab) (opens in new tab) (opens in new tab) (opens in new tab)
Asia
flag of Singapore
Singapore
Europe
flag of Danmark
Danmark
flag of Suomi
Suomi
flag of Norge
Norge
flag of Sverige
Sverige
flag of UK
UK
flag of Italia
Italia
flag of Nederland
Nederland
flag of België (Nederlands)
België (Nederlands)
flag of France
France
flag of Deutschland
Deutschland
flag of España
España
North America
flag of US (English)
US (English)
flag of Canada
Canada
flag of México
México
Australasia
flag of Australia
Australia
flag of New Zealand
New Zealand
Technology Magazines
(opens in new tab)
Technology Magazines (opens in new tab)
Why subscribe?
  • The best tech tutorials and in-depth reviews
  • Try a single issue or save on a subscription
  • Issues delivered straight to your door or device
From$12.99
(opens in new tab)
View (opens in new tab)
  • News
  • Reviews
  • Features
  • Opinions
  • Website builders
  • Web hosting
  • Security
Trending
  • Best standing desk deals
  • Best cloud storage 2023
  • What is Microsoft Teams?
  • Windows 11 for business

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

  1. Home
  2. News
  3. Computing

Forget what the metaverse might be like, there are more important questions

By Joel Khalili
published 11 December 2021

Securing the metaverse must be the first item on the docket, says Cisco Talos

metaverse
(Image credit: Shutterstock / is.a.bella)

‘The metaverse’ is a term that has been bandied around with great enthusiasm by some of the world’s largest technology companies of late, but the concept remains relatively ill-defined.

If you ask Meta (née Facebook), the metaverse will be a series of interconnected virtual spaces where people gather to work, socialize and play. These cloud-based environments will either be accessed via virtual reality headsets, or otherwise projected onto the physical world.

Microsoft, meanwhile, describes the metaverse as a “persistent digital world that is connected to many aspects of the physical world, including people, places and things”. The company says it thinks of the metaverse as “both a new medium and an app type” that is novel in the same way the internet was back in the 1990s.

If you’re still none the wiser, you’re not alone. The metaverse is still very much under construction; its constituent technologies already exist, but the full picture won’t take shape for many years to come.

However, according to the threat intelligence unit at networking company Cisco, what exactly the metaverse will look like should be a secondary consideration - the first priority must be to secure it.

“The term ‘metaverse’ implies there is a coming revolution in the way we use the internet and interact with one another. However, we need to be aware of the possible negatives,” warned Martin Lee, EMER Lead at Cisco Talos.

“We’re dealing with a new version of the Wild West here; it’s very exciting, but equally dangerous from a cybersecurity and data privacy perspective.”

Move fast and (try not to) break things

Historically, the most successful technology businesses have been those unswerving in their commitment to the “move fast and break things” mantra, coined by Mark Zuckerberg himself.

The problem with this approach, claims Lee, is that product-focused technologists often leave in their wake a minefield of cybersecurity and data privacy problems, just waiting to be exploited by cybercriminals.

“This has been an issue in software development for years; security is too often an afterthought,” he told TechRadar Pro. “And every time there has been an evolution in the way we communicate, it has brought out the dark side of human nature too.”

“The scammers and fraudsters of this world have time and again demonstrated their capacity for innovation. They have always been keen to adopt new platforms, which provide a new forum for criminal business models, and there’s no reason to believe the metaverse will be any different.”

Metaverse

(Image credit: Shutterstock / is.a.bella)

According to Lee, the first step is to raise awareness of the potential threats among regular users. An informed public is better equipped to recognize an attempted fraud and make decisions about which facets of the metaverse to participate in.

Second, he says it’s important to demand that security is baked into the equation from day one of development. Given most pundits think the metaverse won’t come to fruition for many years yet, there should be plenty of runway to make this happen.

In practice, however, securing the metaverse from its conception may prove difficult. Given this series of virtual environments is unlikely to be owned or governed by any single entity, and given the likelihood cryptocurrency will play a role in transactions between metaverse constituents, identifying who is responsible for preventing fraud and cyberattacks will be no simple matter.

Presented with this conundrum, Lee conceded that it’s not a problem society has yet figured out how to solve. The internet was created three decades ago, he noted, and it’s still non-trivial to determine who is responsible for policing a digital crime, because the internet “in many ways transcends national borders”.

“In the physical world, we have governments, law enforcement and courts where we can take disputes,” he said. “So when these new metaverse environments are created from scratch, it will be important to clarify who is policing them and what recourse users have when something goes wrong.”

Identity in the metaverse

Another crucial part of securing the metaverse will be establishing a robust system for identity verification. In a world in which everyone is represented by an avatar, identity fraud could become all the more pervasive and dangerous.

“In the real world, we have identities and consequences for our actions that affect our personal reputation, but that real-world identity is decoupled in a virtual environment,” Lee told us.

“In the metaverse, you won’t know whether people are who they say they are, or whether they are trustworthy. The issue of who is who in these virtual worlds is yet to be resolved.”

In addition to spear-phishing attacks and financial fraud, it’s easy to imagine how difficulties with clarifying identity in the metaverse might be used for catfishing or stalking purposes.

It is also predicted that people will attach cryptocurrency wallets to their metaverse avatars, which Lee describes as a “gift for the bad guys”. And non-fungible tokens (NFTs) are expected to play a major role too, perhaps in the form of digital items of clothing, which will create opportunity for further scams.

Cardano

The use of cryptocurrency in the metaverse is expected to create additional risk. (Image credit: Shutterstock / AlekseyIvanov)

Public blockchain, the technology that underpins both cryptocurrency and NFTs, is maintained and operated by no single entity. This is useful for anyone worried about the dangers of centralized power and single points of failure, but not so useful when it comes to addressing wrongdoing.

“If you’re engaging in the exchange of value in one of these environments, what are you going to do when the other party doesn’t fulfil their end of the bargain? When you hand over cryptocurrency but receive nothing in return?” Lee asked.

“We have already seen evidence of digital goods being counterfeited and large thefts from cryptocurrency wallets, and we certainly envisage these sorts of scams happening in the metaverse too.”

With regards how these problems might be addressed, Lee reiterated the importance of educating consumers so they are better equipped to protect themselves. But end users have never been particularly good at looking after their own interests. For example, despite repeated warnings about the dangers of simple and duplicate passwords, many people are still guilty of terrible password hygiene.

Solutions like multi-factor authentication may go some way to shielding against phishing and fraud in the metaverse, Lee says. Another option is to mandate biometric authentication, which would drastically reduce the opportunity for impersonation-based attacks. But this would require people to be willing to sacrifice either convenience or their biometric data for the sake of security.

Cost-benefit analysis

For someone who spent the duration of our conversation methodically setting out the dangers associated with the metaverse, Lee is surprisingly sanguine about the value it could deliver.

Asked whether he thinks the companies positioning themselves as architects of the metaverse (Meta, Microsoft, Google etc.) can be trusted to build out this new medium in a responsible manner, Lee declined to comment. But he did express a level of enthusiasm about the possibilities the metaverse represents.

“Generally, I’m optimistic about where this is heading,” he told us. “These virtual worlds will be full of opportunity and have the potential to have an enormous positive impact on our everyday lives.”

“Of course, there are also costs. As the metaverse evolves, it will be about minimizing the potential for abuse, by improving the level of awareness among consumers and applying pressure on the companies responsible for building it.”

The proclivity of technologists to prioritize product over security is next to impossible to extinguish - at least to some extent, it’s the reason for their success. However, if end users demand their security is taken seriously, Lee suggests, technologists will have no option but to take notice.

  • Shield against security threats with the best antivirus services around

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

By submitting your information you agree to the Terms & Conditions (opens in new tab) and Privacy Policy (opens in new tab) and are aged 16 or over.
Joel Khalili
Joel Khalili
Social Links Navigation
News and Features Editor

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He's responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

See more Computing news

TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site (opens in new tab).

  • About Us (opens in new tab)
  • Contact Us (opens in new tab)
  • Terms and conditions (opens in new tab)
  • Privacy policy (opens in new tab)
  • Cookies policy (opens in new tab)
  • Advertise with us (opens in new tab)
  • Web notifications (opens in new tab)
  • Accessibility Statement
  • Careers (opens in new tab)

© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.