New tools minimize risks in shared, augmented-reality environments

A few summers ago, throngs of people began using the Pokemon Go app, the first mass-market augmented reality (AR) game, to collect virtual creatures hiding in the physical world.

For now, AR remains mostly a solo activity, but soon people might be using the technology for group activities such as playing multi-user games or collaborating on work or creative projects. How can developers guard against bad actors who try to hijack these experiences, and prevent privacy breaches in environments that span digital and physical space?

University of Washington security researchers have developed ShareAR, a toolkit that lets app developers build in collaborative and interactive features without sacrificing their users' privacy and security. The researchers presented their findings on August 14 at the USENIX Security Symposium in Santa Clara, California.

"A key role for computer security and privacy research is to anticipate and address future risks in emerging technologies," said Franziska Roesner of the UW Paul G. Allen School of Computer Science & Engineering. "It is becoming clear that multi-user AR has a lot of potential, but there has not been a systematic approach to addressing the possible security and privacy issues that will arise."

Sharing virtual objects in AR is in some ways like sharing files on a cloud-based platform like Google Drive -- but there's a big difference. AR content isn't confined to a screen as Google Docs are, the researchers said. It's embedded into the physical world we see around us.

The research is funded by NSF's Directorate for Computer and Information Science and Engineering.