Identity in the metaverse at risk, says former Windows architect

Published at: Dec. 15, 2022

The metaverse is coming for users at full speed. Companies and brands are jumping into digital reality, and according to a recent survey, consumer interest is climbing alongside all the activity.

At the same time, as more users join in on metaverse activity, the risk grows for nefarious activity in digital reality. A report from cybersecurity firm ​Kaspersky revealed that exploitation and abuse in the metaverse are set to rise in the next year.

Threats range from scams, to be expected with digital interactions but also avatar-related identity theft and abuse.

For a better understanding of the dangers and risks users can face stepping into digital reality, Cointelegraph spoke with Andrew Newman, CTO and co-founder of cybersecurity firm ReasonLabs and former architect of Microsoft's Windows Defender anti-malware software.

The primary concept users must understand is that metaverse identity is “likely to become users’ digital identity,” according to Newman.

“As our real-life and online identities continue to merge, the stakes for identity theft on the Metaverse will increase.”

He highlighted that avatar scams have already been reported on platforms like Roblox. The example given by Newman was that the hacker may try to convince a user that they need access to their avatar for a number of reasons, with the ultimate aim of stealing their digital identity.

Although it’s a common occurrence to have digital identity threats, as money or virtual currencies become tied to metaverse avatars, these threats will increase. Newman warns consumers as more money is spent on digital assets for these avatars.

“Just as we are protective of our physical assets, we need to make sure that people protect their digital assets and personal information within the Metaverse.”

The amount and various types of digital assets with real value that users can own is endlessly expanding. This incites that cyber crimes and theft will only become more complex and digital reality expands.

Related: Self-sovereignty in the creator economy and Web3 — Is there room for both?

There is a lot of promise in blockchain and emerging technologies for transparency and security. However Newman says users need to be vigilant nonetheless.

“We shouldn’t assume that our funds are not susceptible to theft simply because they are in the Metaverse rather than in a traditional banking network.”

Another component to identity theft in the metaverse is that minors are susceptible to such threats. In many ways, the metaverse is designed to engage both youth and young adults.

Minecraft, Fortnite, and Roblox all have attracted young user bases. Often, minors don’t grasp the importance of cybersecurity or their digital footprint. Newman said, there are already existing threats minors face in online digital worlds. However:

“Finances might shift over time from virtual in-game currency and items, to more traditional finances such as real money or crypto ties to newer “web3” identities in games.”

This would create more value to be exploited from unsuspecting minors.

Currently many major Web3 developers such as Chainlink, are developing new security protocols for users in digital reality. Developers both inside and outside of the industry are looking to create a global metaverse policy to troubleshoot a list of growing concerns.

Tags
Related Posts
WEF 2022: Metaverse should be developed from children’s perspective, says Lego VP
The Metaverse and Web3 dominated discussions on the fifth day of the ongoing World Economic Forum (WEF). The panel discussion “The Possibilities of the Metaverse” featured Philip Rosedale, co-founder of High Fidelity; Pascal Kaufmann, founder of Mindfire Foundation; Peggy Johnson, CEO of Magic Leap; Hoda AlKhzaimi, assistant research professor at New York University, Abu Dhabi; and Edward Lewin, vice president of Lego Group. The main discussion revolved around the building blocks and prospects of the Metaverse. The panelists discussed the technical aspects, security and role of human sentiments in building a sustainable, augmented reality-based digital world. Responding to a question …
Adoption / May 26, 2022
Web3 games incorporate features to drive female participation
Although there is still an apparent lack of women in the Web3 sector, blockchain-based games geared toward women may help drive inclusivity. A recent report from the Entertainment Software Association found that 48% of gamers in the United States identify as female. It has also been noted that nearly half of all gamers in the world are women. The interest that women have taken in the billion-dollar gaming sector is notable. This, combined with the massive growth being projected by the GameFi industry, is a key reason why a number of Web3 games are being built specifically for female users. …
Decentralization / Aug. 20, 2022
MetaMask Institutional, Cobo and Gnosis DAO team up for soulbound token project
Soulbound tokens (SBTs) are becoming a mainstay in the Web3 space for users and projects to define themselves in digital reality. A Dec. 13 announcement from Cobo, a digital asset custodian and blockchain technology developer, revealed a new SBT project which unites crypto industry giants to cater to users’ developing digital identities. Cobo, MetaMask Institutional and Gnosis DAO teamed up to create “Evolution,” an SBT project, a tool to help users define themselves in digital reality and stay up to date on industry trends. A spokesperson for Cobo told Cointelegraph that since SBTs cannot be sold on the market, it …
Adoption / Dec. 13, 2022
Using blockchain technology to combat retail theft
The retail industry is one of the most important sectors of the United States economy. Unfortunately, the COVID-19 pandemic has left the trillion-dollar retail sector vulnerable to in-store theft. Findings from the National Retail Federation’s 2022 Retail Security Survey show that retail losses from stolen goods increased to $94.5 billion in 2021, up from $90.8 billion in 2020. Some retailers also have to lock away certain products to prevent theft, which may lead to decreased sales due to consumers’ inability to access goods. Retailers look toward blockchain to solve retail theft Given these extreme measures, many innovative retailers have started …
Adoption / Jan. 7, 2023
LastPass attacker stole password vault data, showing Web2's limitations
Password management service LastPass was hacked in August 2022, and the attacker stole users’ encrypted passwords, according to a Dec. 23 statement from the company. This means that the attacker may be able to crack some website passwords of LastPass users through brute force guessing. Notice of Recent Security Incident - The LastPass Blog#lastpasshack #hack #lastpass #infosec https://t.co/sQALfnpOTy — Thomas Zickell (@thomaszickell) December 23, 2022 LastPass first disclosed the breach in August 2022 but at that time, it appeared that the attacker had only obtained source code and technical information, not any customer data. However, the company has investigated and …
Adoption / Dec. 23, 2022