What are the Security and Privacy Risks of VR and AR (2022)

What is augmented reality (AR) and virtual reality (VR)?

Augmented reality (AR) and virtual reality (VR) are closely related but not the same. Augmented reality enhances or ‘augments’ the real world by adding digital elements – visual, auditory, or sensory – to a real-world view. One of the most famous examples of AR in recent years was the popular game Pokémon Go.

By contrast, rather than adding to the existing world, virtual reality creates its own cyber environment. Virtual reality is usually experienced through an interface, such as a headset or goggles, instead of watching content on a screen.

Mixed reality (MR) is similar to AR but goes further by projecting 3D digital content that is spatially aware and responsive. With MR, users can interact with and manipulate both physical and virtual items and environments – for example, a virtual ball might bounce off a real table or wall.

The umbrella term for VR, AR, and MR is extended reality (XR).The global market for XR hardware, software, and services is growing each year. But the rapid rise of these technologies has also left some consumers wondering what privacy and security issues they raise.

Augmented reality security and privacy issues

AR concerns

One of the biggest perceived dangers of augmented reality concerns privacy. A user’s privacy is at risk because AR technologies can see what the user is doing. AR collects a lot of information about who the user is and what they are doing – to a much greater extent than, for example, social media networks or other forms of technology. This raises concerns and questions:

  • If hackers gain access to a device, the potential loss of privacy is huge.
  • How do AR companies use and secure the information they have gathered from users?
  • Where do companies store augmented reality data – locally on the device or in the cloud? If the information is sent to a cloud, is it encrypted?
  • Do AR companies share this data with third parties? If so, how do they use it?

Unreliable content

AR browsers facilitate the augmentation process, but the content is created and delivered by third-party vendors and applications. This raises the question of unreliability as AR is a relatively new domain, and authenticated content generation and transmission mechanisms are still evolving. Sophisticated hackers could substitute a user’s AR for one of their own, misleading people or providing false information.

Various cyber threats can make the content unreliable even if the source is authentic. These include spoofing, sniffing, and data manipulation.

Social engineering

(Video) Investing In The Metaverse: Cybersecurity & Risks To Consider | Money Mind | Virtual Reality

Given the potential unreliability of content, augmented reality systems can be an effective tool for deceiving users as part ofsocial engineering attacks. For example, hackers could distort users' perception of reality through fake signs or displays to lead them into performing actions that benefit the hackers.


AR hackers can embed malicious content into applications via advertising. Unsuspecting users may click on ads that lead to hostage websites ormalware-infected AR servers that house unreliable visuals – undermining AR security.

Stealing network credentials

Criminals may steal network credentials off wearable devices running Android. For retailers who use augmented reality and virtual reality shopping apps, hacking could be a cyber threat. Many customers already have their card details and mobile payment solutions already recorded in their user profiles. Hackers may gain access to these and deplete accounts silently since mobile payment is such a seamless procedure.

Denial of service

Another potential AR security attack is denial of service. An example might involve users who rely on AR for work suddenly being cut off from the information stream they are receiving. This would be especially concerning for professionals using the technology to carry out tasks in critical situations, where not having access to information could have serious consequences. One example might be a surgeon suddenly losing access to vital real-time information on their AR glasses, or a driver suddenly losing sight of the road because their AR windshield turns into a black screen.


Network attackers can listen in on the communications between the AR browser and the AR provider, AR channel owners, and third-party servers. This can lead toman-in-the-middle attacks.

(Video) New Disruptive AR Technologies| AR vs VR | Research on Augmented reality privacy and security AR is?


Hackers may gain access to a user’s augmented reality device and record their behavior and interactions in the AR environment. Later, they may threaten to release these recordings publicly unless the user pays a ransom. This could be embarrassing or distressing for individuals who do not want to see their gaming and other AR interactions made public.

Physical damage

One of the most significant AR security vulnerabilities for wearable AR devices is physical damage. Some wearables are more durable than others, but all devices have physical vulnerabilities. Keeping them functional and secure – for example, by not letting someone walk off with a headset that can be easily lost or stolen – is an essential aspect of safety.

What are the Security and Privacy Risks of VR and AR (1)

Virtual reality dangers and security issues

VR security threats are slightly different from AR since VR is limited to closed environments and doesn’t involve interactions with the real physical world. Regardless, VR headsets cover the user’s entire vision, which can be dangerous if hackers take over the device. For example, they could manipulate content in ways that will cause dizziness or nausea in the user.

VR concerns

As with AR, privacy is a major concern with VR. A key VR privacy issue is the highly personal nature of the collected data – i.e., biometric data such as iris or retina scans, fingerprints and handprints, face geometry, and voiceprints. Examples include:

  • Finger tracking:In the virtual world, a user might use hand gestures in the same way they would in the real world – for example, by using fingers to type the code on a virtual keypad. However, doing this means the system records and transmits the finger tracking data showing fingers typing a PIN. If an attacker can capture that data, they will be able to recreate a user’s PIN.
  • Eye-tracking:Some VR & AR headsets may also include eye-tracking. This data could provide additional value to malicious actors. Knowing precisely what a user is looking at could reveal valuable information to an attacker – which they can capture to recreate user actions.

It is nearly impossible to anonymize VR and AR tracking data because individuals have unique patterns of movement. Using the behavioral and biological information collected in VR headsets,researchers have identified users with a very high degree of accuracy– presenting a real problem if VR systems are hacked.

Just like zip codes,IP addresses, and voiceprints, VR and AR tracking data should be considered potential 'personally identifiable information' (PII). It can be regarded as PII because other parties can use it to distinguish or trace an individual's identity, either alone or when combined with other personal or identifying information. This makes VR privacy a significant concern.

(Video) Privacy Concerns In VR and Metaverse


Attackers may also inject features into VR platforms designed to mislead users into giving away personal information. As with AR, this creates scope for ransomware attacks, where malicious actors sabotage platforms before asking for a ransom.

Fake identities or ‘Deepfakes

Machine-learning technologies allow for manipulating voices and videos to the extent they still look like genuine footage. If a hacker can access the motion-tracking data from a VR headset, they can potentially use it to create a digital replica (sometimes known asdeepfakes) and therefore undermine VR security. They could then superimpose this on someone else’s VR experience to carry out a social engineering attack.

Aside from cybersecurity, one of the biggest virtual reality dangers is that it completely blocks off a user’s visual and auditory connection to the outside world. It’s always important to evaluate the physical safety and security of the user’s environment first. This also applies to AR, where users must maintain a good awareness of their surroundings, particularly in more immersive environments.

Other problems with VR that critics sometimes describe as virtual reality negatives include:

  • Potential for addition.
  • Health effects – such as feeling dizzy, nauseous, or spatially unaware (after extended use of VR.)
  • Loss of human connection.

Examples of AR and VR

The uses for augmented reality, virtual reality, and mixed reality are varied and expanding. They include:

  • Gaming– from first-person shooters to strategy games to role-playing adventures. The most famous AR game is probably Pokémon Go.
  • Professional sports– for training programs that help both professional and amateur athletes.
  • Virtual travel– such as virtual trips to attractions like zoos, safari parks, art museums, etc. – without leaving home.
  • Healthcare– to allow medical professionals to train, for example, using surgical simulations.
  • Film and TV– for movies and shows to create enhanced experiences.

The technology is also used in more serious domains. For example, theUS Army uses itto digitally enhance training missions for soldiers, while in China, the police use it toidentify suspects.

Oculus privacy concerns

Oculus is one of the best-known VR headsets and one of a handful of companies that backs VR game development at a large scale. Facebook acquired the company in 2014, and in 2020, Facebook announced that Facebook logins would be required for future VR headsets.This development sparked a heated discussion about Oculus privacy.

(Video) VR security and privacy

Critics of the decision were concerned about how Facebook collects, stores, and uses data and the potential for further ad targeting plus being forced to use a service that some may not have otherwise chosen to use. The announcement led to a wave of online posts from privacy-conscious users worried about Oculus security and who claimed they would no longer use their Oculus headsets – although commentators felt that it was unlikely to hinder Oculus in the long run.

Tips: How to stay safe when using VR and AR systems

Avoid disclosing information that is too personal

Don't disclose any information that is too personal or doesn't need to be disclosed. It is one thing to set up an account with your email but don't set up your credit card unless you are explicitly purchasing something.

Review privacy policies

It is easy sometimes to skip over lengthy data privacy policies or terms and conditions. But it’s worth trying to find out how the companies behind AR and VR platforms store your data and what they do with it. For example, are they sharing your data with third parties? What kind of data are they sharing and collecting?

Use a VPN

One way to keep your identity and data private on the web is by using a VPN service. If you need to disclose sensitive information,using a VPNcan protect you from having that information compromised. Advanced encryption and an altered IP address work together to keep your identity and data private. With developments in AR and VR, the VPN model will likely expand within these tech realities.

Keep firmware up to date

For your VR headsets and AR wearables, it's vital to keep firmware up to date. As well as adding new features and improving existing ones, updates help to patch security flaws.

Use comprehensive antivirus software

In general, the best way to stay safe online is by using a proactive cybersecurity solution. Such asKaspersky Total Securitywhich provides robust protection from various online threats. Such as, viruses, malware, ransomware, spyware, phishing, and other emerging internet security threats.

Related Articles:

(Video) How Apple Is Killing Meta With VR And Privacy

  • Online Gaming Scams – How to Stay Safe
  • Top 7 Online Gaming Dangers Facing Kids
  • What is IoT? Tips for IoT Security
  • Online Gaming Scams during Pandemic - How to Stay Safe


What are the security and privacy risks of VR and AR? ›

The research shows that hackers could use popular virtual reality (AR/VR) headsets with built in motion sensors to record subtle, speech-associated facial dynamics to steal sensitive information communicated via voice-command, including credit card data and passwords.

What are the risks of VR? ›

Exposure to virtual reality can disrupt the sensory system and lead to symptoms such as nausea, dizziness, sweating, pallor, loss of balance, etc., which are grouped together under the term "virtual reality sickness". In sensitive individuals, these symptoms may appear within the first few minutes of use.

What are the risks we face in augmented reality? ›

Despite the intelligent healthcare technology that these devices provide, they are at risk of malware as a result of the low-level cybersecurity that is installed on them. This means that the data stored is vulnerable to being read by a third party and being pulled from the devices.

What are the disadvantages of AR and VR? ›

April 13, 2022. The disadvantages of augmented reality include bulky and expensive headsets with a limited field of view (FoV), security concerns when AR data is manipulated to influence worker decisions, a high and expensive learning curve to use, and a lack of truly precise spatial location systems for AR objects.

What is AR and VR example? ›

Augmented reality (AR) adds digital elements to a live view often by using the camera on a smartphone. Examples of augmented reality experiences include Snapchat lenses and the game Pokemon Go. Virtual reality (VR) implies a complete immersion experience that shuts out the physical world.

What are the types of AR and VR? ›

There are 3 primary categories of virtual reality simulations used today: non-immersive, semi-immersive, and fully-immersive simulations.

Are there any privacy issues raised by augmented reality applications? ›

AR/VR devices collect extensive biometric data, which can identify individuals and infer additional information. This data can create better immersive experiences⁠ but also exacerbate privacy risks.

What is the biggest problem with VR? ›

Many people report headaches, eye strain, dizziness and nausea after using the headsets. Such symptoms are triggered by the VR illusion, which makes the eyes focus on objects apparently in the distance that are actually on a screen just centimetres away.

What is the difference between AR and VR? ›

VR creates an immersive virtual environment, while AR augments a real-world scene. VR is 75 percent virtual, while AR is only 25 percent virtual. VR requires a headset device, while AR does not. VR users move in a completely fictional world, while AR users are in contact with the real world.

What is the problem of AR? ›

One of the significant challenges that the AR industry has to face is security and privacy concerns. There is a legitimate chance you can get into trouble without intending to do so because of the inconsistencies in the AR programming, negligence, and oversight.

How does AR and VR affect society? ›

Virtual and augmented reality can help people connect with each other and improve their communication skills. As well as provide the user with an amazing and detailed experience that any previously known device could not. Consequently, and obviously, this has an impact on society, but which one exactly?

How secure is VR? ›

No matter how a VR device is connected, that connection makes it vulnerable to attack. Hackers potentially can use the HMD or VR devices as gateways to both home networks and enterprise systems/networks. Once the link has been established, hackers can steal private data and information.

Why does AR lack privacy? ›

A user's privacy is at risk because AR technologies can see what the user is doing. AR collects a lot of information about who the user is and what they are doing – to a much greater extent than, for example, social media networks or other forms of technology.

What is the use advantage and disadvantage of augmented reality? ›

Advantages and disadvantages of both
Augmented RealityVirtual Reality
Increase user knowledge and informationQuite expensive to use it in everyday life and it might be less accessible for small businessesVirtual Reality in education field makes education more easily and comfort
1 more row

What are the 3 types of AR? ›

3 different types of AR explained: marker-based, markerless & location.

What is the purpose of AR and VR? ›

AR is intended to enhance the virtual world and the real world. VR replaces the real world with a fictional reality, which is primarily intended to enhance games.

What is AR in simple words? ›

Augmented reality (AR) is the integration of digital information with the user's environment in real time. Unlike virtual reality (VR), which creates a totally artificial environment, AR users experience a real-world environment with generated perceptual information overlaid on top of it.

What is AR and examples? ›

Augmented reality uses the existing real-world environment and puts virtual information—or even a virtual world—on top of it to enhance the experience. For example, think of Pokémon Go, where users are searching in their real-life neighborhoods for animated characters that pop up on their phone or tablet.

What are the two issues associated with augmented reality? ›

Current challenges with augmented reality technology include inconvenient user experience and physical safety risks.

How do you conduct the ethics of privacy in AR and VR applications? ›

The Code of Ethics
  1. Do no harm. Ensure that the intensity of the VR experience and its effects are appropriate by thorough testing. ...
  2. Secure the experience. ...
  3. Be transparent about data collection. ...
  4. Ask for permission. ...
  5. Minimize nausea. ...
  6. Diversify representation. ...
  7. Regulate social spaces. ...
  8. Consider accessibility for all.
10 Oct 2019

How does virtual reality affect the brain? ›

However most of the time the VR experience only consists of visual stimulation. Due to this reduction of sensorial stimulation in comparison to real-life experiences, many researchers have demonstrated how VR weakens some brain connections.

Why virtual reality is a problem? ›

According to the study, the problem with virtual reality is that computer-generated images are displayed on two-dimensional screens, which means that the eyes must remain focused in one place. However, since the images presented are three-dimensional, the eyes must be constantly changing focus from near to far.

Why are people scared of virtual reality? ›

Virtual reality can be scary

Users felt fear when objects were rushing toward them or were sensing motion that made them feel out of control. As a result, they exhibited an exaggerated response reaction or attempted to flee the environment, resulting in them hitting walls, furniture, or other people.

What problem does AR VR solve? ›

AR overlays information in virtual displays, and it helps to increase retention. Through VR, employees can try out things virtually, which will save them from anxiety issues.

Which is best VR or AR? ›

AR uses a real-world setting while VR is completely virtual. AR users can control their presence in the real world; VR users are controlled by the system. VR requires a headset device, but AR can be accessed with a smartphone. AR enhances both the virtual and real world while VR only enhances a fictional reality.

When VR and AR are used together it is called a? ›

The term mixed reality was first introduced in a 1994 by Paul Milgram and Fumio Kishino in a paper entitled "A Taxonomy of Mixed Reality Visual Displays." The paper introduced the idea that mixed reality is a continuum that includes VR and AR, as well as any new technologies that will allow digital content to interact ...

What is AR VR technology called? ›

Extended Reality (XR) is the umbrella category that covers all the various forms of digital reality, including Augmented Reality (AR), Mixed Reality (MR), and Virtual Reality (VR).

What are the 4 difficulties in using augmented reality AR in education? ›

Technical Issues With Augmented Reality Training (e.g. hardware, content, and user difficulties) Limited Augmented Reality Training Content Capabilities. Vendor Issues When Outsourcing Extended Reality Training. Augmented Reality Training Can Be Less Immersive Than Other Modalities.

Why is AR so important? ›

Augmented reality creates a visual representation of data with insights that enables an organization to improve processes on-site. Here an AR app development company can help you integrate vital processes into a data analytics system for visual presentations.

What is AR and why is it important? ›

Augmented reality (AR) is the integration of virtual data produced in the computer environment into the real world in a way that we can perceive with our sense organs. The data produced in the virtual environment such as images, animations, 3D models, videos, graphics are transferred to the real world in real-time.

Can you get hacked on VR? ›

The research shows that hackers could use popular virtual reality (AR/VR) headsets with built in motion sensors to record subtle, speech-associated facial dynamics to steal sensitive information communicated via voice-command, including credit card data and passwords.

Is augmented reality safe? ›

A user's privacy is at risk because AR technologies can see what the user is doing. AR collects a lot of information about who the user is and what they are doing – to a much greater extent than, for example, social media networks or other forms of technology.

Is VR harmful for eyes? ›

Using VR technology for long periods of time has been shown to cause to eye strain. The symptoms of eye strain usually grow more severe the longer you use VR uninterrupted. Some scientists have hypothesized that VR is prone to causing eye strain because of how close a VR headset display is to the user's eyes.

How do AR filters affect people's self image? ›

In a follow-up survey, we found that when the AR filter increased the gap between how participants wanted to look and how they felt they actually looked, it reduced their self-compassion and tolerance for their own physical flaws.

How does augmented reality affect the environment? ›

AR and VR can directly minimize environmental degradation by reducing greenhouse gas emissions.

How does augmented reality affect education? ›

Augmented Reality (AR) in education features aspects that enhance learning of abilities like problem-solving, collaboration, and creation to better prepare students for the future. It is also good for traditional pedagogy focused on technical knowledge and proficiencies.

What are the three 3 key characteristics of augmented reality AR )? ›

Understanding augmented reality

AR incorporates three features: a combination of digital and physical worlds, interactions made in real time, and accurate 3D identification of virtual and real objects.

What are some challenges faced by businesses when trying to use AR or VR technologies? ›

6 Challenges to Implementing AR
  • Implementation Cost. ...
  • Technology and Skills Gaps. ...
  • Resource Scarcity and Competing Priorities. ...
  • Management Buy-in. ...
  • Cybersecurity and Regulatory Concerns. ...
  • Perceptions of the Technology.
28 Oct 2021

Why VR and AR is important? ›

VR and AR can be used to make simulations where training can be safe and free of consequences. Employers can create an exact simulation of their operations with the equipment they use. New employees can then gain expertise through the simulation and experiment to their heart's content.

What are the most important benefits of using virtual reality? ›

8 VR training benefits your organization can take advantage of
  • Accelerate speed to proficiency.
  • Improve customer service.
  • Reduce onboarding time.
  • Improve workplace safety.
  • Decrease turnover.
  • Decrease incident costs.
  • Improve brand & scale culture.
  • Eliminate business interruptions.

What major issues prevented VR and AR from being implemented and popularized sooner? ›

1: 3D design interface. The biggest barrier to wide adoption of immersive technologies is the lack of good user experience design. 3D interface design is difficult and expensive, and there are few people with the necessary design skills to overcome these issues.


1. Privacy in the Metaverse: New Risks
2. Ethical Implications of VR & AR: Surveillance and Platform Power
(M C)
3. USENIX Security '22 - OVRseen: Auditing Network Traffic and Privacy Policies in Oculus VR
4. Apple AR Headset Rumors, Oculus Privacy Concerns, and VR Surgery Training
(Actuality VR)
5. Privacy in VR - What can find out of users of virtual reality.
(Eric Hawkinson)
6. Privacy and Security in the Metaverse. Part 1
(The Security Expert Marketplace)

Top Articles

Latest Posts

Article information

Author: Merrill Bechtelar CPA

Last Updated: 12/03/2022

Views: 6327

Rating: 5 / 5 (50 voted)

Reviews: 81% of readers found this page helpful

Author information

Name: Merrill Bechtelar CPA

Birthday: 1996-05-19

Address: Apt. 114 873 White Lodge, Libbyfurt, CA 93006

Phone: +5983010455207

Job: Legacy Representative

Hobby: Blacksmithing, Urban exploration, Sudoku, Slacklining, Creative writing, Community, Letterboxing

Introduction: My name is Merrill Bechtelar CPA, I am a clean, agreeable, glorious, magnificent, witty, enchanting, comfortable person who loves writing and wants to share my knowledge and understanding with you.