The largest distinguishing factor in the inclusion of AR devices is the potential vulnerabilities that the devices can introduce to the enterprise. Similar to the impact potential associated with Industrial Control Systems (ICS) devices, AR devices allow bridges to data in physical space. In the case of ICS devices, the manipulation of the ICS is the objective, and the IT infrastructure is the pathway to the objective. AR devices however, allow unique perception of the environmental space in which the device exists by virtue of its external sensing capabilities. Audio, Video, Spatial Mapping, Thermal, and Geographic Location features all collect data that can be used or captured for adverse purposes. These data sets could allow capture of data that would allow an attacker to circumvent a protection mechanism or allow the transition of attack from one vector to another. This change in the attack chain, or vector transition consists of exploiting a network connected to the AR device, capturing the data and using it to attack a non-connected system. Examples include password eavesdropping on an air-gapped system, alarm system PIN capture, token capture, or user behavior tracking.
In examining the security factors associated with AR devices in the enterprise it is important to identify the factors that differentiate the devices from traditional IT systems. Similarities in architecture, OS and communication protocol will allow for like attack vectors from a vulnerability perspective. AR devices have a very specific set of impacts that deal with the unique attributes that AR devices bring to the enterprise.
AR devices by their inherent feature sets provide distinguishing impact characteristics in two areas:
1) As a collector of environmental data
2) As an injector of data to a user
The first differentiator is most significant as the AR devices inherently allow collection of visual, audio, network configuration, user behavior, and environmental behavior along with normal data consumption. These unique elements in the exploit chain allow for significant new methods and impacts as a result of a cyber attack. As the weakest point in any cyber defense is always the human element, these devices can significantly increase the ability to exploit human interface mechanisms and physical protection mechanisms.
In determining and communicating threats and attack vectors it is advisable to provide a common nomenclature and identification schema. This will allow end-customers and penetration testing groups to address specific threat areas of interest derived from specific customer concerns normally described in narrative format. These attack categories can be used both to frame the scenario and synchronize elements of concern with specific threats, exploits and vulnerabilities.
| Attack Objective | Target | Description |
| Footprinting | Device | Identification of the device network based on discovery analysis. |
| Interception | Network | Traffic intercepted from the wearable to a linked device. |
| Protocol Analysis | Network | Potential cryptanalysis of encrypted traffic. |
| Excavation | Device | Legitimate functional data (spatial mapping, video, etc.) extracted from the target device. |
| Attack Objective | Target | Description |
| Code Injection | Device | Injection of malicious code directly to the device through existing protocols. |
| Object Injection | User | Injection of digital objects in viewing space in order to hide, distract from or clone legitimate digital objects. |
| Environment Interference | User | Injection of digital objects in viewing space in order to overwhelm, confuse or blind a user to real objects in the environment. |
| Object Manipulation | User | Manipulation of legitimate digital objects in order to convey invalid information or induce improper user action. |
| Environment Manipulation | User | Manipulation of digital objects in order to confuse the user regarding the real environmental state. |
| Traffic Injection | Device | Injection of non-specific traffic in order to overwhelm or induce specific state in the device. |
| Command Injection | Device | Injection of commands through existing protocols to achieve malicious effects. |
You must be an AREA subscriber and logged in to access this content. Please login or click below to create your free AREA subscriber account and access this valuable content today.
Need more advice on the types of membership you cant get? Click here for our FAQ section on memberships.