Virtual Reality Security Risks and Protection Tips

2 October 2019
Content from our Premium Partner
David Balaban Security (Zurich)

Digital technologies never cease to develop and amaze. Virtual reality (VR) is one of the industry's latest innovations. VR is currently pretty much a work-in-progress, yet early versions of the technology have already brought great excitement to users. Virtual reality puts users in an almost perfect digital environment through the use of helmets or goggles. While the digital environment is essentially a fiction, VR works by making the user an integral part of that virtual world.

Thanks to graphics enhancements, digital objects are transformed from mere pixels into interactive elements. Users are able to interact with digital objects as if everything is physical and tangible. VR is a true wonder, but unfortunately, the public's fascination with the technology seems to leave out the desire to know more about the potential security and privacy risks it may bring.

Since the basic idea is to make digital objects appear and behave in the same way as their physical counterparts, VR has been widely used in many different industries. For example, the aerospace and defense industries use VR technology to create flight simulation. Healthcare professionals, especially surgeons, utilize the same technology for the same purposes. Let us not forget that the gaming industry also plays a great deal in introducing VR to general consumers. VR is growing at an impressive pace with every new simulation model and gets adopted by a broader range of business sectors. At the same time, this rapid growth appears to lack focus on educating users that VR can be subjected to security threats such as malware and phishing attacks .

As the technology becomes more popular, security concerns associated with it also grow bigger. It is no longer only about getting headaches or nausea from wearing the goggles for an extended period of time, but also the ability of VR to provide a pathway for cybercriminals to compromise our privacy. Because the technology is embraced gladly by both general and corporate users, anybody without exception needs to consider all possible security concerns.

VR market is expected to grow to nearly $45 billion by 2024 . Ideally, that number should include the development of security software to help improve the overall user experience. Professionals and general consumers must be proactive in making sure that the digital environment is, in fact, secure from cyber threats. Bear in mind that the market has expanded into multiple industries – such as healthcare, defense, and finances – where security and privacy are of the utmost importance.

Potential risks

VR gear is comprised of digital devices on which users can install and use digital products such as applications. Just like desktop computers and smartphones, the potential security risks include information theft performed by malware. Users are often required to submit personal information to the VR application developer as part of the registration and payment processes.

Hackers may trick users into downloading and installing fraudulent applications such as games and simulated environments. The basic idea is similar to that of computer viruses, the only difference is the device and operating systems.

Another major concern is the lack of transparency on developers' part regarding what data they collect and how they use the information. The vast majority of users do not know what kind of data is collected during their activities with VR.

Protection Tips

Up until this point, discussions about VR security issues remain scarce. Taking into account the wide range of data being transferred across the VR products (login credentials, payment information, geolocation data, facial recognition, etc.), we will eventually need to have an open wide-scale conversation about the topic and how to implement robust security methods to protect our privacy.

Security is an on-going process. We cannot wait until a proven-reliable system is put in place. We use VR already now. This is not to say that you should avoid VR. As long as you exercise the following precautionary steps, you can minimize the risks to a great extent.

    1. Vet the vendors

Some of the prominent names dominating the VR industry at the moment include Oculus Rift, Samsung Gear VR, PlayStation VR, Windows Mixed Reality, HTC Vive, and Google Daydream. There are also hundreds of developers offering virtual environments compatible with various VR devices. Before adopting the technology or using any VR product, it is good to be well-informed about the companies' or developers' track records. Be proactive and persistent when asking whether the devices and applications have several layers of security to defend against malicious attacks. Remember that some companies rush and launch a lot of new products, putting security factors aside.

    2. Read the fine print

As with nearly all digital products these days, VR devices and services come with "Terms of Service" that most users ignore. We just click the "Agree" button without reading a single word. "Privacy Policy" may include information regarding what data the device/application can collect and how the companies use such data. If you have to disclose information that is too personal just stop using the product.

    3. Use VPN

Virtual private networks are intended to change your IP address and allow you to hide your real current location. Many VR applications such as games and simulators require an Internet connection to work. VPNs can help minimize the risk of a privacy breach. Premium VPN services come with advanced encryption to secure your data which is in transit.

In an ideal world, companies encrypt all users' data and never share it with third parties. This is, however, not an ideal world. We cannot blindly trust any company to keep our data safe. Let us be smart and implement proactive security defenses with any digital devices or products, including VR.


AllAfrica publishes around 700 reports a day from more than 140 news organizations and over 500 other institutions and individuals, representing a diversity of positions on every topic. We publish news and views ranging from vigorous opponents of governments to government publications and spokespersons. Publishers named above each report are responsible for their own content, which AllAfrica does not have the legal right to edit or correct.

Articles and commentaries that identify as the publisher are produced or commissioned by AllAfrica. To address comments or complaints, please Contact us.