Author: Jordon Kelly, Research Analyst, ISF
25 Mar 2020

Threat 1.1 Augmented attacks distort reality

New and emerging technologies have begun invading every element of daily life as it increasingly becomes difficult to separate the digital and physical world. Over the coming years there will be a fundamental shift in the way we perceive the world around us.

Augmented Reality technologies (AR) will add a new digital layer of information to the physical world. AR will drive innovation across industrial and consumer environments but will also heighten levels of risk to consumers and business, with threats coming from a range of adversarial actors.

AR will allow traditional and digital attacks to cross the digital/physical divide. The impact of compromised AR systems and devices in many organisations and across industries will result in widespread disruption and downtime, something that organisations implementing this technology into their business models and operations need to be aware of.

Failure to plan for the impact of compromised devices and software will not only have repercussions for business reputation and the loss of finances, but also the increased probability of harm to individuals and even loss of life.

Organisations that become heavily dependent on AR technologies will need to reassess their business continuity, crisis management and recovery strategies in order to deal with large scale operational downtime. Organisations should consider maintaining training and development of skill sets that may be required in the absence of AR systems, this will be critical in maintaining a level of operational capability for organisations during crisis and recovery periods.

Manufacturing sector:

As AR is adopted across the manufacturing and engineering sectors it will replace traditional means of communicating information including hard copies of instructional documents such as blue prints and schematics. In a bid to lower operational costs, increase productivity and streamline processes unprepared organisations with immature AR security will find their AR devices and systems vulnerable to a range of attacks.

  • DOS and DDOS attacks will cripple organisations with an over reliance and dependency on this technology as they disrupt operations used in critical processes, e.g. an attacker may target the AR schematics system of a vehicle manufacturer to disrupt production. This may have serious reputational and safety repercussions for organisations investing in AR without a mature approach to the risks it poses.

Medical sector:

A significant influencing factor in the adoption and widespread use of AR over the next several years will be the development and implementation of 5G networks. It is the decrease in latency and increase in connectivity that will enable information to be conveyed in real-time directly to AR devices. This advancement in network technology will allow the overlay of digital information to be utilised during live medical procedures. AR devices will be able to provide the physiological information of a patient in real time, offering surgeons and other medical professionals the critical time necessary to save lives and carry out complex surgical operations and assessments.

With the healthcare industry being considered a major target for cyber attacks over the last few years, and given the rate of AR adoption, the likelihood of more cyber attacks is extremely high.

  • As with the manufacturing industry the potential impact of attacks that directly, or indirectly compromise the availability of key AR systems and devices (such as DOS and DDOS attacks) could be significant and detrimental to health and safety.
  • Immature or vulnerable AR technologies could also be a new avenue for attackers to distribute and propagate malware across less mature network environments. AR’s visual interface will provide a new visceral mechanism for attackers to components of AR to communicate ransomware demand to targets.
Augmented Reality technologies will fundamentally change how we work, play, learn and connect.
Augmented Reality technologies will fundamentally change how we work, play, learn and connect.

This blog is one part in a series of blogs based on the Threat Horizon 2022 report. In the coming weeks, we will be discussing the three themes and nine threats covered in the report.

Find out more about Threat Horizon 2022: Digital and Physical Worlds collied here >

ISF Members can download the Threat Horizon 2022: Digital and physical worlds collide report here.

Jordon Kelly joined the ISF in February 2019 as an Information and Cyber Security Analyst within the Research Team. He was the project lead and authors of the ISF annual flagship report: Threat Horizon 2022, Published on the 30th January 2020.
Jordon has also contributed to research on and co-authored the Human-Centred Security: addressing Psychological Vulnerabilities paper and has assisted on a number of other ISF projects.
With an academic background in the social sciences including a BSc Hon degree in Forensic Psychology and a MA with distinction in International Security, Jordon contributes a unique perspective on the relationship between humans and technology. He has written extensively on the impact of emerging technologies, information and cyber warfare, security strategy, politics and international relations.