Siemens Metaverse, a virtual platform that enables the creation of digital replicas of factories and offices, was recently found to be leaking sensitive data. The system was discovered by the Cybernews research team, which found that the platform was exposing information including the company’s office plans, internet of things (IoT) devices, and ComfyApp user credentials.
The latter potentially allowed hackers access to sensitive data including floor plans and employee calendars. Siemens has since addressed the leak but has downplayed its severity, calling it non-critical.
The metaverse market is growing, with companies and governments adopting the technology for business and entertainment.
Seoul has launched a metaverse platform for official business and entertainment, Dubai has launched an ambitious metaverse strategy to create virtual jobs, and the European Union has developed its own youth-oriented metaverse.
However, there are concerns regarding the metaverse’s potential to expose users to digital and physical attacks, and the Cybernews team has warned that attackers could exfiltrate a treasure trove of sensitive data given the importance of the technologies and machines used by critical infrastructure.
The metaverse has a wide attack surface, which could increase cybercrime such as phishing and harassment, and create a new Wild West of privacy issues and criminal concerns.
Cybersecurity experts are worried about the rise of the darkverse, a kind of dark web in the metaverse where threat actors would thrive beyond the reach of law enforcement.
The hype around the metaverse concept may have died down, but the technology is still expanding, and companies need to take cybersecurity seriously.
The Cybernews team has raised the issue of Siemens Metaverse to bring attention to the fact that metaverse technologies are now being used in situations where they can leak sensitive real-world data.
Although the hype surrounding the metaverse has died down, the potential for attack vectors in the metaverse is still significant, and it is essential to take cybersecurity seriously to prevent cybercrime.
