Security and Privacy in Metaverse: A Comprehensive Survey

• Published in: Big Data Mining and Analytics Vol. 6; no. 2; pp. 234 - 247
• Main Authors: Huang, Yan, Li, Yi Joy, Cai, Zhipeng
• Format: Journal Article
• Language: English
• Published: Beijing Tsinghua University Press 01.06.2023
• Subjects: cyber infrastructure; cybersecurity; extended reality; Immersive virtual reality; metaverse; Privacy; privacy protection; Security
• ISSN: 2096-0654; 2097-406X
• DOI: 10.26599/BDMA.2022.9020047

Metaverse describes a new shape of cyberspace and has become a hot-trending word since 2021. There are many explanations about what Meterverse is and attempts to provide a formal standard or definition of Metaverse. However, these definitions could hardly reach universal acceptance. Rather than providing a formal definition of the Metaverse, we list four must-have characteristics of the Metaverse: socialization, immersive interaction, real world-building, and expandability. These characteristics not only carve the Metaverse into a novel and fantastic digital world, but also make it suffer from all security/privacy risks, such as personal information leakage, eavesdropping, unauthorized access, phishing, data injection, broken authentication, insecure design, and more. This paper first introduces the four characteristics, then the current progress and typical applications of the Metaverse are surveyed and categorized into four economic sectors. Based on the four characteristics and the findings of the current progress, the security and privacy issues in the Metaverse are investigated. We then identify and discuss more potential critical security and privacy issues that can be caused by combining the four characteristics. Lastly, the paper also raises some other concerns regarding society and humanity.