metadata
Augmented Reality Security Considerations
This post had originally been titled "The Top Augmented Security Threats"....on what grounds do I have to make such claims? These technologies and ideas are new. As such, aggressively speculating on potential future dangers (with no idea how real they are) is dangerous. In writing this blog, I hope to spark new thoughts and build upon the ideas of others. What I do not want is to over-sensationalize the threats I discuss. Many of them are simply conceptual and interesting to think about, but to no extent do I wish to peddle fear off on to others for my own personal gain. ::cough:: 60 minutes ::cough:: As this blog matures, I hope to promote worthy dialogue and keep fear mongering out of proximity. That said..
With augmented reality systems on the rise it has become important to focus on the corresponding security threats users may face. Fundamentally, the AR paradigm allows users to interface with a more intelligent planet. Our mobile devices now provide a gateway to context specific knowledge and information. This knowledge rich virtual layer permits individuals to more intelligently maneuver and manipulate our contemporary surroundings.
Context hacking and location manipulation: As we become more dependent on these mobile devices to provide information relevant to our surrounding environment, a trust relationship is born. We as users come to trust that the information we receive is valid and credible. Applications such as Layer, show users what is in proximity to them by displaying real time digital information on top of reality through the mobile phone's camera. Much of the real time digital information that we find in such applications is user submitted data. What is to prevent malicious users from targeting specific locations and submitting false information? Attackers could target specific locations, manipulate the environment's digital context, and more effectively facilitate attacks such as spear phishing and social engineering. Attackers can easily leverage the power of social context to stack the deck in their favor. Take it one step further. What if attackers target a specific business or organization? By hacking context and manipulating location, attackers can desecrate an organization's reputation. Attackers could even go so far as to depreciate the value of a home simply by means of context hacking and location manipulation. As can be seen in the new Twitter API for location based trends these attacks really are not that far away.
Location Based DDoS'ing: AR systems and location go hand in hand. It is the location based information, in many cases, that makes an AR system worth using. The ubiquitous networking of objects and the Internet of things implies networks and their hosts will become somewhat presence aware. Users will come to rely upon systems and networks with presence that are location specific. Attackers may choose to DDoS location specific targets particular to a mission. However, this idea is not intrinsically new. AR systems simply have the potential to amplify such threats.
Physical Threat: Continuing on with the importance of location, physical threats become more relevant. Users with mobile devices, acting as sensors, promote the dissemination of location relevant information. As such, an individual targeting another individual in physical space (instead of virtual space) could conceivably do so more effectively.
Spam: Spam, sigh, the problem we were to have solved back in 2006. Spam will be just as relevant to AR systems as it is today with email. This virtual layer will likely become littered in spam. Advertisements will be everywhere. Users themselves may become the advertisements.... similar to something like this. Will users simply learn to tone them out as they do with advertisements on the Web? Probably. However, the market and dirty money to disseminate spam will still be there.
Mobile Metadata Mining: I posted about this a few days ago. Is it a threat? I suppose. Is it something that should keep me up at night? Absolutely not. The metadata associated with output from mobile devices will eventually allow us to do some pretty incredible things....that is of course, if it becomes standardized. Until then, mobile metadata mining will simply be the mass acquisition of dissimilar data. The differences in format and semantics will only permit a group or individuals mining the data to do so much. If some kind of standard to recognize the who, what, where, when does come to exist, look out. Intelligence gathering will grow to new levels.
Delicious
Digg
TechnoratiMobile Metadata Mining of Augmented Reality Systems
Augmented reality is here. Right now, today. We are about to see some creative developers make some incredibly powerful applications, applications that will change our lives on a daily basis. So what is augmented reality?
"In case the concept of augmented reality is still new to you, basically it’s the placement of a digital layer of information on top of a real-life view of the world around you, as seen through e.g. a mobile phone’s camera lens. Using augmented reality, you could be using your smartphone to glance around the main square of a city you’re visiting and get up-to-date information about nearby restaurants, ATMs, real estate offers, and more on-screen, bolted on top of what you’d be seeing if you weren’t looking through the lens."
When I first started this blog about 4-5 months ago, I understood the power of virtual environments, but I focused too heavily on three dimensional spaces. I believe three dimensional virtual spaces, that are Metaverse-like, are still important but I am beginning to take a step back from them. Based on where we are today with mobile computing, social networks, location-based media,and real time information, it is hard not to get excited about the oncoming explosion of AR systems.
Instead of providing a third dimension of internet context, augmented reality has an intelligent virtual layer that interfaces with the real world. Currently, the information residing on this virtual layer is primarily solitary and cached. Soon, users will be interacting with, and collaborating over this virtual layer in real time. The output users embed into the virtual layer from their mobile devices, whether it be text, pictures, audio content, etc. will have core metadata components bound to it. These core metadata components will answer questions associated with mobile output for things like who, what, where, and when. This metadata permeating throughout the AR system makes the system more intelligent. However, it will leave behind a digital trail unique to target individuals.
Scraping these AR systems, and mining this user output metadata, willl become a powerful intelligence gathering tool. Relationships between individuals, their locations, their interests, etc will all be easily ascertained. This information will no doubt provide value to malicious attackers but it will also promote intelligent risk management applications. Organizations and nation states will use aggregated metadata from mobile devices to model scenarios and perform dynamic threat vector analysis.
AR systems will be powerful and provide great value, but individuals must be careful with how they interact with the virtual grid and what they're willing to embed within it.
