The largest distinguishing factor in including AR devices in the enterprise is the set of potential vulnerabilities that the devices introduce. Much as Industrial Control Systems (ICS) devices carry a distinctive impact potential, AR devices act as bridges to data in physical space. With ICS devices, manipulation of the ICS is the objective and the IT infrastructure is the pathway to it. AR devices, by contrast, afford a unique perception of the environment in which the device exists by virtue of their external sensing capabilities. Audio, video, spatial mapping, thermal, and geographic location features all collect data that can be captured or used for adverse purposes. Such data can allow an attacker to circumvent a protection mechanism or to transition an attack from one vector to another. This change in the attack chain, or vector transition, consists of exploiting a network connected to the AR device, capturing the sensor data, and using it to attack a system that is not connected to that network. Examples include password eavesdropping on an air-gapped system, alarm system PIN capture, token capture, and user behavior tracking.
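The vector transition described above can be made concrete as an attack-graph reachability check. The following is an added illustration, not code or data from the original report: assets and edges are a constructed, hypothetical environment, and the two edge kinds ("network" for ordinary IT connectivity, "observes" for an AR device's sensors capturing an asset in the same physical space) are an assumed modelling convention. The check computes which assets become exposed only because the AR device bridges the network into physical space.

```python
"""Attack-graph sketch of the 'vector transition' an AR device enables.

Nodes are assets. 'network' edges model ordinary IT connectivity; 'observes'
edges model an AR device's camera, microphone or spatial map capturing data
about an asset that shares its physical space but is on no reachable network.
All asset names below are constructed for illustration.
"""
from collections import deque

# Constructed example environment (hypothetical asset names).
EDGES = {
    ("internet", "corp_lan"): "network",
    ("corp_lan", "ar_headset"): "network",
    ("corp_lan", "file_server"): "network",
    # Sensor edges: the headset can observe these, although neither is
    # reachable over any network the attacker controls.
    ("ar_headset", "airgapped_workstation"): "observes",  # password eavesdropping
    ("ar_headset", "alarm_keypad"): "observes",           # alarm PIN capture
}


def reachable(start, edges, allowed_kinds):
    """Return the set of assets reachable from `start` using only edges
    whose kind is in `allowed_kinds` (breadth-first search)."""
    adjacency = {}
    for (src, dst), kind in edges.items():
        if kind in allowed_kinds:
            adjacency.setdefault(src, []).append(dst)
    seen = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adjacency.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def vector_transitions(start, edges):
    """Assets an attacker starting at `start` can reach only by way of an
    AR device's sensing capability, i.e. the difference between reachability
    with and without 'observes' edges."""
    network_only = reachable(start, edges, {"network"})
    with_sensors = reachable(start, edges, {"network", "observes"})
    return sorted(with_sensors - network_only)


if __name__ == "__main__":
    # Assets exposed purely through the headset's sensors.
    print(vector_transitions("internet", EDGES))
```

In a real engagement the "observes" edges are populated from a site survey (which rooms the headsets are used in, which keypads, screens and conversations are within sensor range); the graph then tells the assessor which physical-world assets a network compromise of the device newly puts in scope.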
In examining the security factors associated with AR devices in the enterprise, it is important to identify the factors that differentiate these devices from traditional IT systems. Similarities in architecture, operating system, and communication protocols mean that, from a vulnerability perspective, AR devices are exposed to the same attack vectors as traditional systems. Beyond these, AR devices have a specific set of impacts arising from the unique attributes they bring to the enterprise.
AR devices by their inherent feature sets provide distinguishing impact characteristics in two areas:
1) As a collector of environmental data
2) As an injector of data to a user
The first differentiator is the more significant, as AR devices inherently collect visual, audio, network configuration, user behavior, and environmental data alongside their normal data consumption. These unique elements in the exploit chain enable significantly new attack methods and impacts. Because the weakest point in any cyber defense is the human element, these devices can substantially increase an attacker's ability to exploit human interface mechanisms and physical protection mechanisms.
In determining and communicating threats and attack vectors, it is advisable to use a common nomenclature and identification schema. This allows end customers and penetration testing teams to address specific threat areas of interest derived from customer concerns, which are normally described in narrative form. The attack categories below can be used both to frame a scenario and to map elements of concern to specific threats, exploits, and vulnerabilities.
| Attack Objective | Target | Description |
| --- | --- | --- |
| Footprinting | Device | Identification of the device and its network based on discovery analysis. |
| Interception | Network | Traffic intercepted between the wearable and a linked device. |
| Protocol Analysis | Network | Analysis of the communication protocol, including potential cryptanalysis of encrypted traffic. |
| Excavation | Device | Legitimate functional data (spatial mapping, video, etc.) extracted from the target device. |