A survey and risk assessment on virtual, augmented and mixed reality cyberattacks
Autor(a) principal: | |
---|---|
Data de Publicação: | 2024 |
Tipo de documento: | Dissertação |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/20.500.11960/3946 |
Resumo: | Nowadays, Virtual Reality (VR), Augmented Reality (AR) and Mixed Reality (MR.) systems are not exclusively associated with the gaming industry. Their potential is also useful for other business areas such as healthcare, automotive, and educational domains, based on gathered statistics. Companies need to accompany technological advances and enhance their business processes and thus, the adoption of VR, AR, or MR technologies could be advantageous in reducing resource usage or improving the overall efficiency of operations. However, before implementing these technologies, companies must be aware of potential cyberattacks and security risks to which these systems are subject. This study presents a survey of attacks related to VR, AR. and MR. scenarios and a risk assessment based on the ISO 27005 methodology when considering healthcare, automotive, educa- tion, and gaming industries. The main goal is to make companies aware of the possible. cyberattacks that can affect the devices and their impact on their business processes. This classification intends to guide the companies that want to implement VR, AR, and MR. systems in their operations. They will be aware of the possible cyberattacks that can affect the devices and their risk level in their business domain. Proofs of concept for De nial of Service and Jamming attacks targeting HoloLens and other VR and AR, devices, along with a vulnerability found in the authorization method used in the HoloLens' Device Portal tool, are presented in this study. The motivation behind this project is to raise awareness among companies about potential vulnerabilities in these devices and how they can impact their business processes enabling them to apply effective mitigation methods. |
id |
RCAP_26a4de7954ec59a8a9d50592ac357e5a |
---|---|
oai_identifier_str |
oai:repositorio.ipvc.pt:20.500.11960/3946 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacksVirtual realityAugmented realityMixed realityCyberattacksVulnerabilitiesRisk assessmentRealidade aumentadaRealidade virtualRealidade mistaCiberataquesVulnerabilidadesClassifica??o de riscoNowadays, Virtual Reality (VR), Augmented Reality (AR) and Mixed Reality (MR.) systems are not exclusively associated with the gaming industry. Their potential is also useful for other business areas such as healthcare, automotive, and educational domains, based on gathered statistics. Companies need to accompany technological advances and enhance their business processes and thus, the adoption of VR, AR, or MR technologies could be advantageous in reducing resource usage or improving the overall efficiency of operations. However, before implementing these technologies, companies must be aware of potential cyberattacks and security risks to which these systems are subject. This study presents a survey of attacks related to VR, AR. and MR. scenarios and a risk assessment based on the ISO 27005 methodology when considering healthcare, automotive, educa- tion, and gaming industries. The main goal is to make companies aware of the possible. cyberattacks that can affect the devices and their impact on their business processes. This classification intends to guide the companies that want to implement VR, AR, and MR. systems in their operations. They will be aware of the possible cyberattacks that can affect the devices and their risk level in their business domain. Proofs of concept for De nial of Service and Jamming attacks targeting HoloLens and other VR and AR, devices, along with a vulnerability found in the authorization method used in the HoloLens' Device Portal tool, are presented in this study. The motivation behind this project is to raise awareness among companies about potential vulnerabilities in these devices and how they can impact their business processes enabling them to apply effective mitigation methods.Nos dias de hoje, os sistemas de Realidade Virtual (VR), Realidade Aumentada (AR) e Realidade Mista (MR) j? n?o est?o exclusivamente associados ? ind?stria dos jogos. De acordo com as estat?sticas apresentadas pela Finances Online, o potencial destas tecnolo gias tamb?m pode ser aplicado noutras ?reas de neg?cio, como sa?de, incl?stria autom?vel e educa??o. As empresas t?m a necessidade de acompanhar os avan?os tecnol?gicas, sendo a ado??o das tecnologias VR, AR ou MR, vantajosa para reduzir o consumo de recursos ou melhorar a efici?ncia geral das suas opera??es. No entanto, antes de implementar estas tecnologias, as empresas devem estar cientes dos potenciais ataques e riscos aos quais esses sistemas est?o sujeitos. Este estudo apresenta um levantamento de ataques que afetam sistemas de VR, AR, e MR, bem como uma avalia??o de riscos com base na metodologia ISO 27005, considerando as ind?strias de sa?de, autom?vel, educa??o e jogos. O principal objetivo ? sensibilizar as empresas para os poss?veis ciberataques que podem afetar os dispositivos e o impacto que os mesmos podem trazer para os seus processos de neg?cio. Desta maneira ter?o o conhecimento sobre o n?vel de risco associado ao seu dom?nio de neg?cios. Neste estudo, s?o tamb?m apresentadas provas de conceito para os ataques de Denial of Service e Jamming direcionados aos HoloLens e outros dispositivos de VR e AR. ? ainda descrita uma vulnerabilidade encontrada no m?todo de autoriza??o na ferra- menta Device Portal dos HoloLens. A motiva??o deste estudo ? alertar as empresas para as potenciais vulnerabilidades nestes dispositivos e como estas podem impactar os seus processos de neg?cio. Desta maneira, conseguem aplicar m?todos de mitiga??o para os mesmos.2024-03-12T18:25:39Z2025-01-15T00:00:00Z2024-01-15T00:00:00Z2024-01-15info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/20.500.11960/3946TID:203550870engSilva, T?nia Cristina Ferreira dainfo:eu-repo/semantics/embargoedAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-03-14T07:12:35Zoai:repositorio.ipvc.pt:20.500.11960/3946Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T04:00:36.312861Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacks |
title |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacks |
spellingShingle |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacks Silva, T?nia Cristina Ferreira da Virtual reality Augmented reality Mixed reality Cyberattacks Vulnerabilities Risk assessment Realidade aumentada Realidade virtual Realidade mista Ciberataques Vulnerabilidades Classifica??o de risco |
title_short |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacks |
title_full |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacks |
title_fullStr |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacks |
title_full_unstemmed |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacks |
title_sort |
A survey and risk assessment on virtual, augmented and mixed reality cyberattacks |
author |
Silva, T?nia Cristina Ferreira da |
author_facet |
Silva, T?nia Cristina Ferreira da |
author_role |
author |
dc.contributor.author.fl_str_mv |
Silva, T?nia Cristina Ferreira da |
dc.subject.por.fl_str_mv |
Virtual reality Augmented reality Mixed reality Cyberattacks Vulnerabilities Risk assessment Realidade aumentada Realidade virtual Realidade mista Ciberataques Vulnerabilidades Classifica??o de risco |
topic |
Virtual reality Augmented reality Mixed reality Cyberattacks Vulnerabilities Risk assessment Realidade aumentada Realidade virtual Realidade mista Ciberataques Vulnerabilidades Classifica??o de risco |
description |
Nowadays, Virtual Reality (VR), Augmented Reality (AR) and Mixed Reality (MR.) systems are not exclusively associated with the gaming industry. Their potential is also useful for other business areas such as healthcare, automotive, and educational domains, based on gathered statistics. Companies need to accompany technological advances and enhance their business processes and thus, the adoption of VR, AR, or MR technologies could be advantageous in reducing resource usage or improving the overall efficiency of operations. However, before implementing these technologies, companies must be aware of potential cyberattacks and security risks to which these systems are subject. This study presents a survey of attacks related to VR, AR. and MR. scenarios and a risk assessment based on the ISO 27005 methodology when considering healthcare, automotive, educa- tion, and gaming industries. The main goal is to make companies aware of the possible. cyberattacks that can affect the devices and their impact on their business processes. This classification intends to guide the companies that want to implement VR, AR, and MR. systems in their operations. They will be aware of the possible cyberattacks that can affect the devices and their risk level in their business domain. Proofs of concept for De nial of Service and Jamming attacks targeting HoloLens and other VR and AR, devices, along with a vulnerability found in the authorization method used in the HoloLens' Device Portal tool, are presented in this study. The motivation behind this project is to raise awareness among companies about potential vulnerabilities in these devices and how they can impact their business processes enabling them to apply effective mitigation methods. |
publishDate |
2024 |
dc.date.none.fl_str_mv |
2024-03-12T18:25:39Z 2024-01-15T00:00:00Z 2024-01-15 2025-01-15T00:00:00Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/20.500.11960/3946 TID:203550870 |
url |
http://hdl.handle.net/20.500.11960/3946 |
identifier_str_mv |
TID:203550870 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/embargoedAccess |
eu_rights_str_mv |
embargoedAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799138181490147328 |