Cybersecurity And The Explosion Of Augmented Reality
By Paul Ryznar
Augmented reality (AR) technology is advancing with extraordinary speed, and new innovations hit the marketplace regularly. Powerful and sophisticated applications are being implemented in everything from manufacturing and industrial environments to shipping and logistics. While AR advances are unquestionably exciting, the industry is now grappling with a whole constellation of complexities.
The adoption of AR brings an expanding landscape of new cybersecurity vulnerabilities. Consumers and businesses are grappling with big data breaches, and implementing effective cybersecurity measures is an essential necessity for modern businesses.
Cybersecurity measures are one of the first things AR solutions providers consider when developing new tech. Here are some of the most urgent and relevant cybersecurity issues — and solutions — involving AR:
Innovation Outpacing Preparation
The business proposition of AR is causing it to be adopted before the risks have been vetted or having tech developed by companies without significant IT experience, leading to technologies that are actually incompatible with existing infrastructure. I strongly recommend including IT security experts in your early AR discussions, as they can help you vet security capabilities and adopt your security best practices.
Setting The Standard
Wearable and tablet-based AR almost always requires Wi-Fi, which carries significant security risks. Even the latest WPA3 encryption standard has been found to have serious vulnerabilities. Applying firmware updates to patch these vulnerabilities often has unintended side effects such as reduced bandwidth or dropped connections. There are enterprise tools available to secure your Wi-Fi, such as WPA2-Enterprise and server authentication, that often involve bringing in outside security vendors. Most wearables do not support WPA2-Enterprise, however, and we usually recommend implementing security layers on top of your normal Wi-Fi connection.
Many wearable AR companies require cloud connectivity, which exposes new threat vectors. Those vectors include:
- Data moving to and from the cloud can often be intercepted. Even TLS encryption can be breakable with common IT infrastructure stacks that do packet inspection.
- Interruptions of internet connections can disrupt production.
- Cloud servers can be breached, potentially exposing sensitive data. Another cloud-related challenge is structural, but no less problematic, for many companies. Once pigeon-holed into a cloud service, companies become dependent on that service provider, often with no easy way to change providers. The bottom line is that IT departments need to build up the skill set to work in the cloud safely and reliably. At a minimum, IT departments must invest in access-monitoring and authentication tools.
Many AR users may be surprised that one of the biggest security vulnerabilities for wearable AR devices isn’t virtual intrusion; it’s physical compromise. Tablet and wearable devices also have general threat vectors, even when not operating on the cloud:
- Wearable devices can host malware, enabling cameras, collecting data, corrupting work instructions or disrupting operation.
- Battery life issues can be a threat because they disrupt production when batteries need changing.
- It is relatively easy to steal network credentials off many wearable devices running Android, potentially exposing Wi-Fi networks to intruders that obtain a device. Counter it with more advanced authentication techniques.
- Wearables are prone to physical damage. Some headsets are more durable, but all devices have physical vulnerabilities. Keeping them functional and secure (not letting someone walk off with a headset that can be easily lost or stolen) is critical.
There are multiple endpoint protection options for wearable devices running Android operating systems. If you already have tools to protect Android devices, these can be loaded on Android-based wearables. There are a variety of hardware options that let you trade off battery life, durability, comfort and other parameters for wearables.
Many companies are reluctant to house their sensitive data on someone else’s cloud. This is a challenge for responsible AR solutions providers because very few manufacturers have meaningful security measures on their internal systems. In contrast, AR providers typically have highly advanced security protocols and systems designed to address the three key principles of effective cybersecurity:
- Make sure the wrong person doesn’t get access to sensitive data.
- Make sure the right people do have access to that data.
- Ensure the data in question is not compromised or corrupted.
One way to achieve all three priorities is by localizing sensitive information to the facility. Storing sensitive information on your PC or server in your facility — and not on the wearable itself — eliminates a lot of potential vulnerabilities. But even that might not be going far enough. High-profile damage from malicious software like the Stuxnet worm has reinforced the need to keep supposedly safe equipment away from the internet. The safest cybersecurity strategy is the “air gap,” where equipment has no possible connection to outside systems.
One way to address cloud-based vulnerabilities is to avoid them altogether. Hardwired projection-based AR platforms are significantly less vulnerable to hacking and data theft. The best solutions provide virtually all of the benefits of cutting-edge AR applications — without the potential exposure of sensitive information or the disruption that can come with wearables and cloud-based tech solutions. Projection-based systems are well-suited for the medical and defense industries, where information is extremely sensitive.
The Arms Race
Going forward, new AR applications will need to come with increasingly effective cybersecurity technologies. If cybersecurity measures cannot ensure a secure connection, the exposure risks will exceed the return on investment potential.
Ultimately, AR innovators need to recognize that the cybersecurity “arms race” is a process — a moving target where we are defending against evolving, human threats who are constantly getting better. To appreciate how quickly new realities can replace old assumptions, consider the extraordinary speed with which quantum computing capabilities — which are already starting to make standard RSA encryption look vulnerable — are increasing. We’re not at the exponential rate described by Moore’s Law, which famously states that computing power roughly doubles every two years — but double the exponential rate.
At that pace, new threats can emerge and reliable security protocols become obsolete quite literally overnight. Implementing your cyber strategy is an ongoing process to keep up with the sophisticated threats of an increasingly connected — and increasingly augmented — world.