Let’s face it; data breaches are certainly nothing new, and trolls have been scouring the internet for victims since the dawn of the proverbial ‘4chan god’s reign’. However, recent accounts suggest that these individuals who choose to prey on the innocent users of the world wide web are now taking things even one step further. They are doing this with the inclusion of new advancements in technology and the popularization of fairly insecure devices as well as the manipulation of certain common online elements. In turn, a new form of virtual attack has been developed and the outcome is nothing less than disconcerting for both the average consumer utilizing this technology as well as the IT world developing it.
Virtual Reality and GIF’s- Visual Terrorism
In 2016, over 6.3 million VR headsets were delivered worldwide. Virtual Reality’s impact on our world has been nothing short of astonishing, from using haptic gloves to interact with 3D modeling in a practical manner, to using VR to help stroke victims regain control of weakened limbs, to video games that truly leave you feeling as though you’ve entered another world altogether and travel destinations in the palm of your hands in a matter of seconds (or however long it takes to download the content).
However, despite this technology being extremely enticing for many aspects of our world including healthcare, business, travel, and gaming, one thing that continues to be overlooked regarding these headsets are their security measures and how they affect the user. Steven Teppler, a technology attorney and adjunct professor at Nova Southeastern University Law School has been making these security issues a priority and addressing them frequently after seeing the flaws in this tech and how it could significantly affect our idea of cyber attacking and the lives of the millions of headset users across the globe.
In an recent interview, Teppler stated, “As these new technologies are being rushed to market, the appropriate privacy and security considerations are not being adhered to or paid attention to…we don’t even know what is ‘up to par’ in terms of security.” The truth is that Teppler, along with countless other individuals are noticing these flaws and, yet, the supply and demand of these devices are conflicting with the actual time it takes to create fully functional and capable security measures in the process.
Due to the fact that the VR market has not only raised over $2 billion in AR/VR investments in the last 12 months but has also created a massive demand throughout the world, these companies at the forefront of this new technology have chosen quantity over security-related quality and this is where the issue lies. Not only are these devices equipped with weak security, but they also happen to carry quite a bit of information about the user as well.
In fact, these devices carry improperly protected personal information that consumers and other users submit to the makers of VR gear and related software applications as part of product registration and payment processes. On top of this, recordings and other private information is consistently being collected when the device is in use and geolocation regarding AR is recorded as well for marketing purposes without the user’s consent. Similarly, payment and personal financial information is submitted as well to tech and app vendors for use regarding the buying of connected software and games. However, with a security mainframe that is far from proficient and the malware on VR apps in the cloud where VR platforms are hosted being open to attacks likewise, this information is free game for most qualified hackers and the outcome of this is both data intrusion and manipulation as well as identity theft.
Last year, this personal information collecting was strongly opposed after the Oculus Rift was said to collect your email, occupation, date of birth, and place of residence when being registered. Despite this, the Oculus Rift still takes in this information and AR devices utilize geolocation to create ads that specifically target you based on your location and interests. On top of this, Oculus Rift collects online transaction and web and app usage patterns to suggest items that are similar. However, this means that hackers are able to collect your data and inevitably perform transactions in your name once the information needed is collected.
Aside from all of this, perhaps, the most dangerous thing that VR headsets are vulnerable to is visual terrorism. It has frequently been suggested that Virtual Reality headsets, when worn for too long can lead to headaches and dizziness but, recently, it has been suggested that these feelings can actually be used against you. In fact, one of the largest threats this technology faces is the possibility that individuals could hack into these devices and create virtual worlds or images that would induce negative effects such as dizziness, nausea, blurred vision, muscle twitching, headaches, disorientation, and even seizures.
Although, to some, this may seem like a simple prank, if a foreign intelligence could receive this information and use it against the nation of its choice, this could lead to countless individuals being visually attacked and, possibly, the death of some of these individuals. For instance, if a hacker could create an image that flashed colors in the right way, this could seriously injure anyone who is prone to seizures and even possibly lead to their death if not handled correctly. Therefore, this new form of visual terrorism is a serious issue regarding the security implications of VR and should not be taken lightly.
Although not regarding the VR world, in particular, the use of visual terrorism has already become an issue in multiple situations on the web including a situation which happened this month in Texas. John Rayne Rivello, a Texas resident, recently tweeted a seizure-inducing GIF file to Newsweek journalist Kurt Eichenwald with the title ‘you deserve a seizure for your post’ below it after being upset by his comments regarding the Trump administration and due to the fact that Eichenwald is Jewish. Eichenwald is epileptic and said that the image which was a series of flashing colors was a direct attack based on his diagnosis intending to severely injure, if not kill, the writer. Luckily, in this case, the court was able to determine that this was, in fact, a direct attack towards the individual regarding his condition and was able to state that ‘A Tweet, a Graphics Interchange Format (GIF), an electronic device, and hands’ could be considered deadly weapons. In turn, Rivello faced charges of ‘assault with a deadly weapon’ and ‘hate crimes’ against Eichenwald and will inevitably face up to ten years in jail for these crimes.
However, many times, the individual responsible for visual terrorism is never found and this is where the problem lies. With an attack on a VR headset, in particular, this is a 360 degree image being relayed to the seizure-prone individuals and, with proof that a simple GIF can induce a seizure as well as proof that these attackers are rarely found, this kind of a visual terrorist attack could lead to countless deaths with no repercussions for the responsible party in the process.
Telemedicine- Taking Data Intrusion To An Unsettling Level
In the healthcare industry, advancements and staying ahead of industry changes is the name of the game. However, not all of these technological advancements are proficient from the start. Last year, we were able to see multiple serious situations stemming from the use of telemedicine and devices connected to the IoT. Today, this issue is still a major factor as to why the healthcare industry has not entirely embraced telemedicine just yet and the concerns regarding this aspect of the popularization of tech are overwhelming.
For instance, Virtual Reality has begun to play a large role in the rehabilitation of stroke victims due to the fact that it tricks their brains into thinking that the affected limbs are more accurate than they really are. However, if these same patients undergoing rehabilitation treatment were to be visually attacked as we have discussed above, this could lead to these individuals facing yet another stroke, having a seizure, or even dying. Therefore, the security of these helpful devices must be improved upon before it affects countless lives and their health.
Similarly, multiple devices in the healthcare industry have begun to connect to the IoT which should be a means for celebration of modern technological advancements. However, this is not the case. In fact, studies suggest that one in three Americans are affected by healthcare breaches and the biggest concern regarding these breaches come in the form of pacemakers and surgery.
For a while now, the idea that surgeries could be completed more effectively by robots being told what to do as opposed to a surgeon has been a topic of interest in the tech world. However, some fear that this could lead to yet another way for hackers to transform the IoT into a deadly weapon. By attacking weak devices and spreading malware, these machines could become vulnerable to all kinds of malware, botnet, and data breach attacks.
Although it has been speculated that surgical nanotechnology, if secured properly, could be the future of safe and risk-free surgical operations, the fear is primarily that security would still be vulnerable to some degree leaving a slight chance of disaster in its wake and that this removal of certified professionals is one of the main ethical dilemmas faced by today’s healthcare administrators. However, these kinds of surgical operations could save thousands of lives yearly as surgeries are often done improperly by surgeons who are capable of making mistakes these robots intend to do away with.
For instance, this last year alone, multiple individuals suffered from hernia surgeries that were improperly done and, in turn, countless hernia mesh lawsuits were filed against surgeons across the nation. This is exactly the kind of issue that this technology hopes to phase out, although, proper security measures are crucial before this tech can successfully and safely be utilized.
Similarly, pacemakers are a huge issue regarding the IoT’s security and the healthcare devices connected to it. In fact, recently, researchers hacked a pacemaker within a mannequin to show just how easily it would be to kill an individual once hacked into the device’s software. With countless individuals across the globe in need of these devices, the security measures put in place to ensure they can connect without being vulnerable to hacks is all the more important.
Lastly, another concern regarding technology in healthcare is data retrieved from patients. Big Data and data mining remains a viable source for radiologists, surgeons, and nurses alike as it provides them with the information necessary to diagnose individuals. However, this information can be easily used against patients if retrieved and manipulated properly. In the last year alone, millions of healthcare data breaches occurred leaving the files of individuals in the hands of hackers that were both capable and dangerous in nature. The manipulation of certain drugs to give patients or not give them, the devices they can and can’t use, their identity, and even their jobs are at risk when this occurs leaving millions vulnerable in the process.
On top of this, by examining the technologies used to create medical images, you can see how connecting these devices could mean serious consequences for the patients involved. Therefore, telemedicine security certainly has a ways to go before it can be considered a viable and safe alternative to traditional medical care. However, if these security measures are met, telemedicine could also save the lives of billions of individuals and redefine what we think of as healthcare altogether.
The IoT- Disaster On The Horizon
We’ve prefaced some effects the IoT will have on our security and our world as a whole above, however, this is far from the extent of its ‘cyber power’. Perhaps, one of the most concerning effects it will inevitably have on our world could come in the form of everyday life and the devices we rarely pay attention to. The use of the IoT for stoplights, water supplies, self-driving cars, and even automated home systems may be a giant leap into the future that Walt Disney once hoped to show us (I’m still a bit broken up about Tomorrowland’s closing, so deal with it), but, unfortunately, this may create the complete opposite of the happiest place on earth in the process.
All of these technologies are common in our world yet we rarely give them the credit they deserve. Without these devices, we would ultimately be a far less civilized and organized society. However, just like , these devices, if connected to the IoT, could be hacked into with time and lead to nothing but chaos. For instance, if these hackers could turn lights green at just the right time, major collisions would ensue, if they could break into water supplies, they could easily cause floods, remove water supply to whole cities, or even poison said water, and if they could hack into a self-driving car, they could easily cause crashes and target high-profile individuals within the car in a far more sinister way. In turn, our civilization and the safety of anyone and everyone within the targeted cities would be in jeopardy.
In the end, the safety implications regarding modern technology must improve drastically. Without proper security measures and encryption, these devices and advancements could go from the foundation of our future to the pinnacle of our destruction as a planet. In order to prevent these kinds of attacks, we must recognize that, in cases regarding technology of this stature, quality is most certainly more important than quantity. By doing this, we can begin to create a more structured world, prevent attacks rather than repair their damage, and create a world that not only embraces technology but also understands the power that it holds and the importance of keeping it secure for their benefit.