Biometric Authentication Could Be an Achilles Heel for Metaverse Security

November 8, 2022

Trend Micro research highlights risks posed by more seamless log-in technology

Trend Micro Incorporated released a new report warning that exposed biometric data creates a serious authentication risk across a wide range of digital scenarios, including the metaverse.

“Research from Trend Micro reveals the risks posed by exposed biometric data and what users need to know to protect themselves.”

To read a full copy of the report, Leaked Today, Exploited for Life: How Social Media Biometric Patterns Affect, please visit:

William Malik, vice president of infrastructure strategies at Trend Micro said, “The use of biometrics is championed by some as a more secure, easier to use alternative for passwords. However, unlike passwords, our features can’t be easily changed. So a compromise could have a long-lasting impact on users. Hijacking a user’s metaverse profile in the future could be similar to gaining complete access to their PC today.”

Trend Micro defines the metaverse as: “a cloud distributed, multi-vendor, an immersive-interactive operating environment that users can access through different categories of connected devices.”

As such, those able to impersonate individuals inside this new iteration of the web could gain access to everything from online banking accounts and cryptocurrency stores to highly sensitive corporate data.

As outlined in the report, threat actors in the future may be able to use stolen or leaked biometric data to trick connected devices, such as VR/AR headsets, into logging them in as someone else. That could open the door to data theft, fraud, extortion, and much more.

Metaverse user profiles may also be an attractive target as a valuable source of additional biometric data, such as detailed 3D user models that mimics a person’s real-life bio features.

In this new computing environment, two of the three factors typically used to authenticate will be registered with the software maintaining the metaverse, for example.

Trend Micro’s report is intended to generate more dialog in the IT and security community about how to head off such potential risks. It warns that huge volumes of biometrics details, including face, voice, iris, palm, and fingerprint patterns, are already being exposed online in high enough quality to trick authentication systems.

It can be found in images and audio content posted on social media and messaging platforms, news media sites, and government portals that people use every day.

As well as helping threat actors bypass authentication checks, judicious use of leaked or stolen biometric data could also help to create deepfake models en masse, the report warns.

Related Articles

Collective agreement reached for the 25,000 aviation security workers

Collective agreement reached for the 25,000 aviation security workers

On the 16th May 2023, after countless and controversial collective bargaining negotiations, some of which were accompanied by strikes, a collective agreement was reached for the 25,000 employees in aviation security. The collective bargaining parties BDLS, ver.di and...

Employees accept digital monitoring

Employees accept digital monitoring

Gartner surveyed around 5,000 employees - Not every form of monitoring is desired "Digital workers" in the UK, India, China and the US find digital monitoring OK under certain conditions. This means electronic monitoring systems that continuously check whether company...

Share This