According to reports, the head of Microsoft’s cybersecurity recently called for the metaverse platforms to be armed to stop hackers and criminal groups from sabotaging this new technology when it first began to develop.
Charlie Bell, Microsoft’s newly appointed head of security, said that there will be many innovations in the metaverse, and of course, faced with some problems (such as security issues), the industry also needs to find ways to deal with them.
The Metaverse is a new concept recently championed by tech companies like Meta. By definition, the metaverse is a completely virtual digital world in which every user can live, work and play. But just like the real Internet world, the Metaverse presents a unique and even more serious security challenge for tech companies and cybersecurity companies.
Bell introduced that, for example, in traditional emails, hackers would impersonate a user’s friends for phishing fraud, while in the Metaverse, hackers could also steal virtual avatars and pretend to be users’ friends. In addition, in the metaverse, the lack of centralized supervision of user activities and content, brings greater challenges to the protection of “residents”.
At Microsoft, Bell’s official role was vice president of security, compliance, and identity management. In a blog post published on Microsoft’s official website on Monday, Bell said that in the Metaverse, there will also be phishing attacks using fake avatars.
For example, a hacker may forge an email from a bank, and the other party uses the bank teller’s name. Virtual avatars are ready to defraud users’ confidential information. It is also possible for hackers to impersonate the CEO of the user’s company and invite him to a pre-prepared video conference room to carry out criminal activities.
Tech companies such as Microsoft and Meta entering the Metaverse must pay more attention to security at the product development stage, rather than patching later issues.
Bell said that within the Metaverse, a variety of software will need to run, including games, entertainment or corporate video conferencing. And all software developers or users need to consider in advance how to maintain the security of the Metaverse and prevent hacking, abuse, harassment and other illegal content from appearing.
In addition, software developers will need to collaborate with each other to interconnect user accounts (so that users can use the same account across multiple metaverses) and roll out various security tools.
Bell emphasized that the metaverse will only fail if security is not planned. Bell reportedly joined Microsoft in 2021 after years of experience in Amazon’s cloud computing division (then headed by today’s Amazon CEO Jassie).
In his blog post, Bell stated that when the metaverse era begins, the industry has an opportunity to establish clear norms and core security principles in order to promote mutual trust among residents of the metaverse and ensure the experience of using the metaverse. If the industry misses the present opportunity, the promotion of the metaverse concept will be hindered, and human society will not be able to enjoy the connection, collaboration and business development opportunities brought by the metaverse.
In the future, there will be multiple metaverse platforms and various applications built on them, and technology companies will need to collaborate to fill the gaps between different platforms. Tech companies will also need to develop tools such as multi-step authentication and passwordless login technology.
Bell also suggested that Metaverse adopt technological innovations emerging in the field of meta computing security, that is, multiple platform service providers launching a unified tool to centrally manage user security and user access to different applications from different vendors.
The executive also said that the decentralization of the Metaverse also enhances security, that is, different companies can bring their own unique security technologies, solve authentication and transparent software bug reports, etc.