Story image

Augmented reality: What are the cyber security dangers?

26 Oct 2016

Augmented reality is back in the spotlight after popular apps like Pokemon Go revived the technology.

However, according to Ixia, organisations that use these kinds of applications within their business are at risk of security breaches if they don’t prepare appropriately.

“There is a lot of commercial potential in AR but organisations often to realise that the type of traffic that enables AR includes IP address, location, type of device, user permissions, and more,” says Scott Register, vice president, product management, Ixia.

“If hackers intercept this traffic, it can reveal a lot about the user and the network, putting both at significant risk. The potential for security breaches is so high that certain organisations, like the US Pentagon and the Israeli Defence Force, have banned employees from using apps like Pokémon Go,” he explains.

According to Register, Ixia’s Application and Threat Intelligence researchers recently analysed communications between the Pokémon Go app and the servers of Niantic (the app’s developer), and found that the app uses the device’s location data to deliver information to users.

He says a hacker can combine that information with other personal information available through the app, such as Google profiles, histories, and past searches, to build a detailed, targeted picture of the user’s behaviour.

 “The nature of AR is personalised to the user’s individual situation, revealing valuable information to cyber criminals. They can then use this information to target people and organisations at will,” Register says.

Register warns popular AR apps can also be fake, with the false version including embedded malware that can let cyber criminals capture user credentials, intercept data and communications, or download further malware to the organisational network via the device.

“Many of these risks are already present in mobile apps and bring-your-own-device (BYOD) scenarios. However, the type of data exchanged in an AR situation makes it even riskier. It’s therefore essential that organisations put security measures in place before the next AR craze hits,” he explains.

Ixia has identified three key steps to protect against security breaches as a result of mobile AR apps:

1. Mobile device management (MDM) It’s important to have a strong MDM solution place to manage the myriad devices employees use, from smartphones and tablets to laptops.

2. Employee training Making employees aware of the risks is crucial, since cyber criminals are well-versed in taking advantage of human error and carelessness.

3. App traffic visibility It’s important to have comprehensive, real-time visibility into all network traffic, all the time, to protect against sensitive data being exposed. Organisations should look for intelligent filtering and distribution, including across layer 7 application flows and encrypted traffic, with zero packet loss.

“Without end-to-end visibility, AR could all too easily mean additional risk for the organisation,” says Register.

“Businesses shouldn’t avoid AR; after all, it can offer significant benefits. But it’s essential to understand the risks and protect your organisation against them.”

Sonatype and HackerOne partner on open source vulnerability reporting
Without a standard for responsible disclosure, even those who want to disclose vulnerabilities responsibly can get frustrated with the process.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Nuance biometrics fight back against fraud
Nuance Communications has crunched the numbers and discovered that it has prevented more than US$1 billion worth of fraud from being passed on to users of its Nuance Security Suite.
SIS announces a partnership with Platform 4
“We are looking forward to a strong future in the New Zealand security industry with this global giant as our strategic partner."
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
Developing APAC countries most vulnerable to malware - Microsoft
“As cyberattacks continue to increase in frequency and sophistication, understanding prevalent cyberthreats and how to limit their impact has become an imperative.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
Kiwis know security is important, but they're not doing much about it
Only 49% of respondents use antivirus software and even fewer – just 19% -  change their passwords regularly.