Lack of parental controls on Oculus Quest 2 puts children's privacy at risk

As more kids use Virtual Reality for gaming, Meta (Formerly Facebook) raises concerns about parental controls on its popular virtual reality headset, as campaigners warned that it could breach an online children’s safety code and cybersecurity experts point out privacy concerns, since it is has grown by 480% on Christmas week, according to Sensor Tower data. Many believe that this rise could be linked to sales of the Quest 2 headset, which is compatible with the app and is considered to be one of the most presented items to children around the world.

A range of studies conducted over the years questions the impact VR gaming can have on children's physical and psychological development. With every new technology, manufacturers want to jump on the train as soon as possible. This can result in major security oversights for some products specially in case of games and VR headsets. Hackers can easily take advantage of these vulnerabilities. And since children usually poorly understand the possible risks, they are the perfect targets for cybercriminals.

There could be potential threats that parents should know about, the most important virtual reality privacy issue is the highly personal nature of the collected data, which includes biometric data such as eye scans, fingerprints, face geometry, and voiceprints. It is nearly impossible to stay anonymous while using VR as the behavioural and biometric information collected by most headsets can be used to identify users with very high accuracy.

There is much talk about Identity theft, a report says 28% of all Americans report to have been victims of identity theft in 2021 alone, showing how serious this problem is. Studies estimate that by 2030, nearly two-thirds of identity-fraud cases affecting today’s children will have resulted from oversharing on social media by kids and their parents.

Poorly protected virtual reality games can grant crooks easy access to player’s accounts, where they can get all the information they need for identity theft. Everything from their date of birth and place of residence to their bank account and credit card information. On the other hand, even if the account isn’t connected to any social media, the user’s data still is collected by Meta. Given Facebook’s poor track record with user data leaks where data of 533 million users leaked last year, this already puts kids’ privacy in danger.

Combined with the biometric and behavioural data gained after hacking a VR device, this can be used to make charges on the hacked accounts, buying medical services in the account owner’s name, committing credit card fraud, and more.

Deepak Sahu, President & CEO, VARINDIA