Risk-based cybersecurity assessment of augmented reality applications using IMECA analysis

The subject of this study is a method for analyzing threats and vulnerabilities and selecting countermeasures to ensure cybersecurity in augmented reality (AR) applications. The goal of this study is to increase the completeness of cybersecurity assessment of AR applications by using a formalized procedure for identifying and analyzing the risks of common threats, vulnerabilities, and types of attacks. This study is based on the well-known IMESA method (analysis of types, consequences and criticality of interventions), which structures the procedure for analyzing and minimizing risks by introducing appropriate countermeasures to ensure acceptable cybersecurity risks. Objectives: to substantiate the set of major cybersecurity threats specific to AR applications; to identify and describe download vulnerabilities in AR systems; to provide a detailed classification of various cyberattacks aimed at AR platforms, considering the results of a study of recent incidents; to use the IMECA method to describe and analyze cybersecurity issues in a structured manner and to propose reliable countermeasures. According to the tasks, the following results were obtained: 1) a classification of threats with a detailed description of how each of them can affect AR applications, namely threats such as software interference, unauthorized access, and malicious hardware embedding; 2) a critical analysis of weaknesses in AR systems, in particular, insecure data storage and insufficient authentication before using sensors, which provides an understanding of possible attack vectors; 3) a detailed description of various attack methodologies, including AR phishing, AR malware, and man-in-the-middle attacks, each illustrated with real-world examples or hypothetical scenarios. A systematic approach using the IMECA framework was used to identify, assess, and ensure the cybersecurity of AR applications using a set of proposed countermeasures. Conclusions. AR technology, despite its revolutionary nature and great potential, poses a unique set of cybersecurity challenges. These challenges are related to the immersive nature of the technology, dependence on real-time data, and integration with the physical world. The study emphasizes that an understanding of the threat landscape, combined with an IMESA-structured approach to risk management, is crucial for the secure development of AR applications. Developers, users, and managers responsible for security policies need to be proactive, innovative, and aligned in their approach to cybersecurity in AR systems.