How to protect against immersive cyber security threats in the metaverse

The metaverse exposes people to more cyber security risks.

The metaverse exposes people to more cyber security risks. Image: Getty Images/iStockphoto

Yazeed Alabdulkarim
Advisor, Research and Innovation, Saudi Information Technology Company (SITE)
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
This article is part of: Centre for Cybersecurity

Listen to the article

  • The metaverse is expected to make our digital experience closer to reality, blurring the lines between the virtual and physical worlds.
  • As is the case with every emerging technology, the metaverse exposes users to a multitude of new cyber risks and threats.
  • Research and standardisation efforts must cover cybersecurity threats, as well as the physical and emotional damage to people that may result from metaverse technology.

The internet has created a virtual world and revolutionised communications, making us able to communicate virtually everywhere. Smartphones made the next leap by making our interactions with the virtual world convenient and amplified with exciting features, such as photos, videos, GPS, mobile applications and more.

Our interactions with the virtual world are still limited and far from reality, however. A virtual meeting, for example, is less engaging. Attendees may feel disconnected, compared to a physical meeting. E-commerce lacks in-store engagement with customers and the look and feel of products.

This is where the metaverse is expected to fill the gap by making our digital experience closer to reality, blurring the lines between the virtual and physical worlds. The metaverse is transforming our online interactions by creating an immersive digital experience capturing all five senses and beyond. This immersive digital experience includes virtual reality (VR), augmented reality (AR) and mixed reality (MR), collectively termed eXtended reality (XR).

Have you read?

The metaverse involves the use of head-mounted displays (HMDs) to create an engaging and immersive computing experience. HMDs are expected to be profoundly enhanced in the next few years as their necessary level of convenience has not been reached. Innovation in the metaverse combines emerging technologies to produce innovative and revolutionary applications.

Nonetheless, as is the case with every emerging technology, a multitude of new cyber risks and threats are introduced and more are expected to surface with increased adoption. The metaverse is still in its early stages and its cybersecurity risks have not been thoroughly researched.

The use of HMDs present major cybersecurity risks. First, HMDs create an immersive experience that isolates users from their surroundings, making them less vigilant to threat cues, such as high CPU usage or physical movements, and more exposed to attacks.

Second, the metaverse enables threat actors to orchestrate immersive and realistic attacks that will be harder to detect and tackle. This will generate new unique cybersecurity threats that may cause virtual and physical harm. Although creating a better immersive experience and capturing more users’ senses are major metaverse objectives, the level of immersion is directly proportional to the level of cybersecurity threats and exposure to attacks.


How is the World Economic Forum contributing to the metaverse?

Cybersecurity threats in the metaverse


The metaverse space can project images to create scenes for participants in VR sessions. Images are rendered to the display of an HMD device. These VR sessions may be hijacked by an attacker to cause cyber-physical harm or discomfort. For example, an attacker may display a persistent overlay or malicious content that follows users’ eyes and can’t be closed. Other types of attacks may impact the lighting, resolution and framerate of projected scenes. Exploiting display vulnerabilities enables 3-D social engineering, cyberbullying and harassment attacks that create negative memorable experiences through the head-mounted displays.


HMDs have built-in speakers to enable users to send and receive audio during their metaverse interactions. These produce spatialised audio with dynamic head tracking to mimic real-life sounds in an effort to create an immersive experience. This audio system may be exploited in various ways, such as eavesdropping or creating immersive attacks with fake audio that might cause physical harm, such as temporary hearing loss or psychological harm, such as emotional distress.

Device sensors

HMDs are equipped with various sensors and trackers to measure the rate of motion, acceleration and rotation. Cameras are also used to identify objects and act as trackers for eye and body movements. The collected data from these sensors and trackers represent significant cybersecurity and privacy risks. This data captures users’ position, orientation and physical surroundings that can be analysed to infer body conditions and behavioural biometrics, such as walking and pointing. Researchers, for example, may be able to identify users with attention deficit and hyperactivity disorder symptoms based on their head rotations. Such data can be exploited by malicious actors to identify sensitive and personal data about users and potentially cause harm.

Human senses

The metaverse enhances our computing and online experience by increasing the breadth of immersion, which corresponds to capturing additional human senses. Most HMDs capture the sight and hearing senses. Devices under development are extending to another dimension, touch. Basic devices provide controllers that are represented as virtual hands and generate haptic feedback. Another future dimension is capturing the sense of smell. Increasing the number of senses presented and captured in the metaverse, however, adds more cybersecurity and privacy threats. Threat actors may target victims in various dimensions to create real and convincing attacks that trick all our senses.

Countering threats in the metaverse

The cybersecurity threats of the metaverse are factual. This requires further research to mitigate them as the metaverse’s adoption evolves. We must also establish appropriate standards and regulations to ensure the proper use of the technology. The International Telecommunication Union (ITU), for instance, has established a focus group of global members, including the Saudi Information Technology Company (SITE), to contribute to the technical pre-standardisation work of metaverse technology.

Research and standardisation efforts must cover cybersecurity threats, as well as the physical and emotional damage to people that may result from metaverse technology. Consequently, developing and applying ergonomic design principles to ensure people’s physical and emotional safety is essential.

As more users’ interactions and senses are captured in the metaverse to create immersive and engaging digital experiences, the more they become exposed and vulnerable to cybersecurity risks. Trusting your senses and believing what you perceive becomes trickier and more challenging than ever.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum