
The Rise of VR: Addressing AppSec

Virtual Reality Risks and Solutions

Cobalt

The Rise of VR

“We must adapt our ways to ensure data security and privacy issues are not left behind because we were too slow to change.” -DevSecOps Manifesto

New technologies inevitably bring new risks. Virtual Reality (VR) is one of those technologies slowly creeping into our daily digital lives, yet not much attention has been paid to the risks it brings along. This year at the Shift AppSec 2019 virtual conference, Kavya Pearlman, co-founder of the X-Reality Safety Initiative (XRSI), shared her experience and application security research, as well as work conducted by Dr. Ibrahim (Abe) Baggili and the Cybersecurity Research team at the University of New Haven, Connecticut.

Watch her talk here: https://vimeo.com/331500875

Pearlman shared some novel attacks as well as traditional attacks that were carried out on prominent Social VR applications.

Previously, Pearlman shared her opinion and subject matter expertise on Virtual Worlds and Real Risks as well as Virtual Reality: A New Frontier of Social Engineering. She is now partnering with Dr. Ibrahim (Abe) Baggili and his students, the leading voices in the industry for uncovering these application security Virtual Reality hacks and cyber attacks. Their work focuses on what can go wrong with VR. The team’s work can be read here:

Pearlman also shared more traditional exploitation techniques that were used recently in hacking the Social VR application, BigScreen VR.


As the industry looks towards mass adoption of Virtual Reality with an expected $40 billion market size and over 200 million active users by the year 2020 (source: Statista via VRFocus), these new cyber attacks have already begun making headlines.

Virtual Reality becoming new target for potential hackers

Kavya Pearlman and Dr. Baggili, along with other security researchers and privacy and ethics advocates, have started a non-profit initiative to combat these risks in emerging technologies like Virtual Reality (VR), Augmented Reality (AR) and Mixed Reality (MR), collectively known as X-Reality (XR).

The newly formed non-profit, XRSI, is currently focused on spreading awareness around these risks and potentially implementing solutions and standards across the industry and the globe.

XRSI Vision: Help build safe virtual environments.

XRSI Mission: Inspire and catalyze the safe use of X reality.

For more information on XRSI, follow the Twitter handle @XRSIdotorg.

Author: Kavya Pearlman (@Kavyapearlman) Kavya Pearlman is well known as “The Protector” or “Cyber Guardian” of two virtual world economies, Second Life and the latest social VR platform called Sansar, for her work with Linden Lab. She is one of the Top 20 influencers in Cybersecurity for 2018 as voted by IFSEC. Recently Kavya was awarded 40 under 40 Top Business Executives 2019 by San Francisco Business Times and Rising Star of the year 2019 by Women in IT Award Series. For her work and contribution to the security industry, Kavya was named minority CISO of the year 2018 by ICMCP. Kavya is an advocate for women and underrepresented communities in security and an inspirational figure for many around the world. Along with a few security researchers, Kavya has now started a non-profit effort, XR Safety Initiative, to promote privacy, security, and ethics and to develop standards around application security for Virtual Reality, Augmented Reality and Mixed Reality (VR/AR/XR).

Contributor: Ibrahim (Abe) Baggili (@CyberShawerma) Dr. Ibrahim (Abe) Baggili is the Elder Family Endowed Chair of Computer Science & Cybersecurity at the Tagliatela College of Engineering, Department of Computer & Electrical Engineering and Computer Science at the University of New Haven, CT, specializing in Cybersecurity & Forensics. He serves as the Assistant Dean and is the founder of the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG). Abe is also the former editor-in-chief of the Journal of Digital Forensics, Security and Law (JDFSL). He received his BSc, MSc and PhD from Purdue University, where he worked as a researcher in CERIAS. Abe has co-authored over 70 publications including books, peer-reviewed articles, and conference papers and has received funding for his work from a variety of sources including the NSF, NSA, DHS and MITRE. Most recently, work with his students showed security issues in mobile social messaging applications that affect over 1 billion people worldwide; they also found major Virtual Reality exploits that affect people globally.

Sources

  • https://youtu.be/Fb4vxd5ZqMQ

  • [YouTube: Man-in-the-Room Attack & Command and Control Server Proof of Concept](https://youtu.be/N_Z3mfzLZME)
