In this article, you'll learn about the dangers of using virtual reality (VR) in healthcare and how a gif in a VR headset can turn into a deadly weapon. Our culture strives not only to improve existing technologies, but also to develop those areas that previously seemed fantastic. This development carries a certain danger. Questions arise: are the pillars of the technical industry capable of controlling the power that they themselves introduce into our lives? Today, strict security measures are vital, but are we sticking to them? And, if not, then what will the almost daily consumption of the products of technological progress result in for the average person?
For companies like Sony and Microsoft, virtual and augmented reality are a great way to develop and experiment. But perhaps the time for widespread availability of such technologies has not yet come? More than 6.3 million VR headsets were purchased in 2016. This has security experts concerned that the technology is not as benign as companies make it out to be, and that a lack of security measures could be disastrous.
How VR/AR affects the consumer
Last year, more than $2 million was invested in the virtual and augmented reality industry. “Today, the latest developments are introduced to the market as quickly as possible, trying to get ahead of competitors. Because of this, the risk of making a mistake increases, says Laduma CEO Ben Smith. — The truth is that these devices are not as safe as the manufacturers declare. Many companies are rushing to meet demand and bring VR/AR devices to the market without properly checking safety standards, which is only feasible over a long period of time.” Regarding the security of VR headsets, three problematic issues can be noted. These are visual terrorism, botnets and phishing. The concept of “visual terrorism” is quite simple to explain: it means that you can be visually attacked at the moment when your eyes are millimeters from a huge bright screen. A recent case was a visual attack on Newsweek journalist Kurt Eichenwald using a “gif” (gif file), which the court ruled to be a deadly weapon. Cybercriminal John Ryan Rivello sent Eichenwald a GIF consisting of a series of flashing colors on Twitter with the caption “I hope this gives him a seizure,” and later sent the same image to one of his friends. Eichenwald suffers from epilepsy, and after watching this animated picture he suffered a terrible attack that was almost fatal. The court ruled the file to be a deadly weapon, and the attacker was convicted of using it.
It's no wonder that many experts are wary of this use of VR technology! Some VR gamers have complained of nausea and severe migraines while traveling through virtual reality created by industry giants. But what if some hacker specifically created visuals aimed at people prone to seizures or similar diseases? This is what visual terrorism is. With botnets (a botnet is a computer network consisting of a number of hosts running bots - autonomous software), the situation is similar: undeveloped security standards turn VR devices into potential targets for criminals. Just last year, malware through botnets successfully attacked a huge number of users. In particular, the Mirai botnet, which broke all imaginable and inconceivable records. Mirai uses a table that lists over 60 common usernames and passwords. With their help, the botnet was able to target security-vulnerable devices, such as smartphones and cameras, and infect them with malware. Infected devices monitor the server responsible for managing the botnet (command and control server, C&C server) in order to bypass anti-DDoS protection. Simply put, the problem is that VR devices can be easily infected, which can lead to massive data failures and malware attacks that can shut down even large companies, wiping out their data in a matter of hours. For the user, this may mean not only that the device is no longer functioning, but also that personal data is in the hands of an attacker. Finally, phishing is one of the most likely potential forms of attacks against VR gadgets. Phishing is a technique in which hackers pretend to be someone they are not. An example of phishing is a fake bank website with a URL and design that resembles the original. Such sites are created to collect logins and passwords of bank clients. Under the guise of updating the system of a VR device, users can be forced to let a Trojan into the network, which will lead to a leak of passwords. With the help of visual images it will be easier for hackers to do this. Because of VR, hacking may become an even more alarming trend. It is important to understand exactly how we can strengthen security measures. Moreover, this is a problem not only for consumers using the technology, but also for professionals seeking to implement it in areas of confidential information, such as company data or personal patient data.
How does this impact the healthcare industry?
As telemedicine and related technologies have become widespread in the healthcare industry, it is no surprise that VR is moving in their direction. Virtual reality headsets are already being used to rehabilitate stroke victims, and are even helping medical students learn more about the human body and practice performing surgeries without the patient physically present. However, the main issue is still the same: ensuring communication security. By connecting devices to databases containing personal patient records, hackers are able to access this information and use it against the patient. They can steal personal information and even sell this information on the black market. With the digitization of almost all personal data, our carelessness about the security of our gadgets and medical records becomes especially dangerous. You need to be damn careful with this information! If it falls into the wrong hands, it could very well lead to the death of patients. We mentioned that VR is starting to be implemented for realistic training of future surgeons. Thanks to technology, young specialists practice performing complex operations that they would not normally be allowed to perform.
A virtual reality helmet is useful for remote diagnostics or consultation; Moreover, the doctor may even be on another continent. But this again raises questions about hospital security, especially given the recent ransomware attack that affected 16 NHS hospitals. It's not surprising that health officials are still leery of the new technology.
How does this affect business?
In 2016, 45% of all organizations affected by cyber attacks were in the business sector. The reason is the careless use of cloud technologies and the Internet of Things (IoT). With the growing popularity of wearable gadgets and the development of the Internet and communication technologies, more and more specialists can work from home. A good example is web designers, journalists and even medical consultants. However, the inclusion of personal devices of such remote employees in corporate networks leads to potentially dangerous situations with possible information leakage. Hackers can easily hack an employee’s smartphone that does not have a corporate firewall installed, and through it enter the company’s network and steal information. What does virtual reality have to do with it? The fact is that companies that have several offices, sometimes in different cities or even countries, are looking at using virtual reality to improve their security systems, given that their employees work in different places, sometimes from home. It is very easy to imagine a “virtual” presentation of a new product with 3D models without paper and the need for employees to be in the same room! However, these devices have weak security and open up a completely new way for attacks. VR could lead to massive hacks larger than the largest DDoS attacks. Using any of the above methods, hackers could break into company databases and obtain employee and customer identities, as well as financial information needed for theft. Moreover, this could significantly affect some areas of the industry, such as the automobile and telephone industries. For example, the big news that the first autonomous cars are coming to Texas will mean a huge number of IoT-enabled cars. Probably, the level of safety of such cars is also insufficient. Considering all of the above, a hacker can easily hack into the network that the car is connected to and then control the car from afar. If you use your imagination, you can understand that if the security situation does not change, an attacker will be able to organize a terrorist attack using our own cars. Finally, with the widespread adoption of wifi and wifi calling, many operators are thinking about the negative consequences of using this technology. For example, due to the fact that these calls rely on network connectivity and the devices are not well protected, they are easy targets for DDoS attacks and malware. A hacker can easily use the devices to create a completely infected network.
Ultimately, tech giants can make billions from virtual and augmented reality devices, but without guaranteed security measures, nothing good will come of it. It is important to remember what exactly makes these devices vulnerable, and how we, as users, can counteract this. In conclusion, you should not throw away your VR headsets just because the safety measures are not perfect. Better protect your devices. Create strong passwords, don't trust any pop-ups, and avoid making any payments through your device. By following simple rules, we can enjoy technological progress without paying so much in return.
GO TO FULL VERSION