Products have substantial flaws, technology designers seek ways to extract money from users, and many users twist well intentioned technology in ways the designers never expected, often involving baser instincts. These realities should come as no surprise to security professionals who are usually most effective when assuming the worst in people. One sure to be abused emerging technology is augmented reality. Augmented reality technologies overlay computer generated data on a live view of the real world. Anticipated application domains include entertainment, travel, education, collaboration, and law enforcement, among numerous others.
Augmented reality bears great promise as exemplified by Google’s highly optimistic “Project Glass: One day...” video. In the video, a theoretical descendent of Google’s Project Glass helps the user navigate a city, communicate, learn the weather, and otherwise manage his day. A day after Google posted the video, YouTube user rebelliouspixels posted a parody video “ADmented Reality” that remixed Google’s Project Glass vision with Google Ads. As we look to the future, this less optimistic view likely will be closer to the mark. It is important for the security community to start considering unintended, malicious, and evil applications now, before we see widespread adoption of augmented reality technologies.
In this article, we combine augmented reality with reasonable assumptions of technological advancement, business incentives, and human nature to present less optimistic, but probable, future augmented reality applications. Admittedly, some are dystopian. We end with suggestions for the security and usability communities to consider now -- so that we may be better prepared for our future of augmented reality and the threats and opportunities it presents.
We do not intend to propose science fiction, but instead consider technologies available today or likely to arrive in the next five to ten years. Unless otherwise stated, we assume the capabilities and overall popularity of today’s iPhone/iPad - always on networking, high resolution video cameras, microphones, audio, voice recognition, location awareness, ability to run third-party applications, and processing support from back-end cloud services - but resident in a lightweight set of eyewear with an integrated heads-up display.
Learning from the past
As we consider potential misuse and risks associated with augmented reality we can learn a great deal from past desktop applications and current iPhone and Android apps to gain insight into both human nature and technical possibilities.
From this analysis we identify at least three primary threat categories. The first category is simplest, current applications that are easily ported to future systems, with little to no augmentation. The next category includes hybrid threats that are likely to evolve due to enhanced capabilities provided by augmented reality.