Is the Metaverse a secure place?

The Metaverse does not need an introduction anymore, especially since Facebook changed its name to Meta. Nevertheless, it seems relevant to brush up on some facts before getting into the real deal.

The Metaverse, in the way it is described today, is a decentralized platform not controlled by any one party, based on blockchain technology. Compared to other technologies like your traditional social media, this should mean it is more resistant to censorship and manipulation, while also being more user-friendly than other blockchain applications.

For example, while my grandmother COULD get into crypto, this seems like a stretch to me, mainly because she would not understand the point of doing so. On the other end, I feel like she could be into a parallel universe, a metaverse, that allows her to “see” her grandchildren more often.

The Global Digital Asset Registery supports the idea of an inclusive community surrounding the Metaverse: at some point, everyone will be able to take part in the platforms.

Not only will the Metaverse be the selling place of the future, it is already a huge and ever increasing market. If you are skeptical regarding the business related to the Metaverse, let’s take a look at two numbers :

• in 2022, the Metaverse market is worth a bit less than 62 billion USD, which is already a fair amount for a technology that is still in its early stages
• in 2027 this market will grow to reach more than 400 billion USD, according to estimations

How can we explain such an explosive increase, a six fold multiplication in only half a decade?

Mainly because the endless possibilities spawned by the metaverse are worth at least this much. Indeed, the metaverse will be an incredible place to conduct business : you will be able to reach billions of users with minimal costs, in a secure environment prompted by smart contracts and a blockchain-based architecture.

Wait a second…

Are we so sure about that? Is the metaverse really safe? Let’s take a look!

A flawed mix of technologies

We talked about it, the metaverse is based on blockchain and uses smart contracts in order to ensure the security of its users. And while it is better than nothing, it comes with some drawbacks as well. In a decentralized environment, nobody is an administrator - as the name suggests. This is a problem when it comes to enforcing rules and resolving issues.

Let’s take an example:

If someone grabs your bag and steals your money in the street, who will you be going to? The police. If someone steals you credit card and buys stuff with it, you can declare it as stolen through your bank and get your money back in most cases.

In any way, you have someone to contact. You can pick up your phone and rant to a poor desk employee. Maybe you won’t get back your money, but you have an interlocutor.

Now in a decentralized world, who are you going to call? You have been scammed and need someone to help you… But there is nobody to help you. There is no administrator.

In order to counter this flaw, governments and industry contributors must agree on strong legislations in order to protect the safety of the users.

The inherent problem of moderation is not that hard to prevent, mainly because the different metaverses will be provided by companies that will probably find a way to keep things under control - they usually like to control stuff. But the Metaverse does not solely depend on the blockchain.

The recent interest in this new world is deeply linked to virtual reality (VR), another technology that has improved by leaps and bounds in recent years, be it in quality or scale. VR is fun and all, but it requires a headset at least, and often other devices to be installed. This is a new attack surface for hackers, especially since IoT objects are still lacking when it comes to cybersecurity.

What is the point of having an ultra-secured world if the way to connect to it is vulnerable? We can imagine how a cellphone being hacked is a problem as most of our lives are stored on these devices. But what about a headset that is used to connect to another world, where relationships, business and exchanges can easily take place? Usurping the identity of a user could lead to devastating damage in public relations, finances or even personal relationships.

This is why the resilience of such hardware will need to be closely inspected and validated before it can be said that the Metaverse is a secure place.

A haven for shady people

Social engineering is a way to hack without using technical skills but rather thanks to human liability. For a large scale company, this can translate in some phone calls from hackers that pretend to be employees having a problem. For individuals, this includes the increasing number of fake emails and messages, advertisements and in general, phishing attacks and scams.

While it could be said that general awareness is increasing regarding this issue, the number of scams is forever rising, with scammers getting craftier and craftier. In 2021 alone, more than 8 billion dollards of crypto assets were stolen through simple scam. With such a profitable business, it can be predicted that the Metaverse will quickly become a new playground for such practices.

The Metaverse will be prone to such attacks as it will be even more realistic, hence increasingly deceptive.

This mixes badly with the lack of administrator: how to warn people about a possible scam? How to retrieve stolen assets and identities?

Another challenge is related to the possession of a property in a virtual environment. How to decide who can or cannot enter a property? How to monitor what happens inside these places? Will detecting illegal actions even be possible?

Letting the user sets who can enter into its virtual house seems like an obvious choice, but this could lead to some new kind of cyberbullying (excluding a certain someone from a place). In addition, this grey zone is dangerous in term of laws. Laws on the internet are not as clear because it’s a place shared by people from all around the world.

What will be illegal, and how can it be enforced if some owners have total control of who can enter their house? Will countries’ law really be applied if a private company possesses the key?

An astronomical amount of personal data

As explained, the metaverse is not inherently secured. And this is a massive issue because of the massive amount of data that will be shared while using the metaverse.

We are slowly getting used to share more and more personal data with private companies. Not so long ago, only governments knew our personal details. Well perhaps your doctors were also aware of some details like your height and weight, and what medical conditions run in your family. And your baker knew your name and what type of bread you prefer, but that is it.

Nowadays, an app could ask for all of this information, and more - yes, even what type of bread you like best. Registering on a workout or diet mobile app will require to enter these details about yourself, as well as banking information. And while using the app, it will log how you are behaving, thus creating more data about you.

The Metaverse will not be an exception and will actually further develop this trend: to be able to create a virtual identity, with a virtual bank account and assets, we will need to share a lot of personal data (biometrics, preferences, …). And we will oblige without even thinking about it twice.

And that’s only the data which we know will be collected: headsets will surely collect data as well, while our behaviour in the Metaverse will be scrutinized to detect triggers and stimuli that will make you buy some more stuff you don’t need through targeted ads.

Everyone knows the Captcha some websites use to prove “your are not a robot”. Some recent Captchas don’t ask you to find trains in nine pictures right? That is because it now analyses your actions and judges if you behave like a human.

This is already quite crazy in a sense, but some people are talking about doing the same with the Metaverse, in order to identify yourself. That is maybe the most secure way to assess someone’s identity: passwords are hacked, biometrics can be reproduced. But to forge an entire behaviour is close to impossible. So yes, it would be secured. But this also means an AI is capable of differencing your behaviour from any other user. Scary.

But your data is not only your name, height and how often you touch your nose. It is also your intellectual property. In a Metaverse environment, everything you create is data. And this data may be your property. Or it may be the property of the company providing the Metaverse. If you mold the sand on a public beach to create a castle, you can put your name next to it, take a picture, and that is it. You cannot take it home - firstly, it would be kind of hard, secondly you do not own this sand. What about in the Metaverse?

The fact that it is based on the blockchain should protect what you create from other users, but who knows?

So before creating anything in the Metaverse, we should be extra careful of the intellectual property rules of this world, especially if it could have been impossible to make that in the real world (a huge statue, creating a landscape, a music based on the Metaverse sounds…).

All in all, the Metaverse will not be very different from the rest of the internet: a place with infinite opportunities and knowledge, but also vulnerable and unsafe for people lacking awarness about hardware liability and social engineering.

In order for the Metaverse to become a safer place, three actions must be lead simultaneously:

→ The countries must agree on some international regulations and laws that can enforce a baseline of security for all the users of the Metaverse

→ The companies creating headsets must be very careful and take all the measures in order to ensure their integrity

→ The population must be informed and prepared for the Metaverse and its consequences, be they positive or negative

The internet is a hostile environment