research-article

No Escape From Reality: Security and Privacy of Augmented Reality Browsers

Authors:

Richard McPherson,

Vitaly ShmatikovAuthors Info & Claims

WWW '15: Proceedings of the 24th International Conference on World Wide Web

Pages 743 - 753

https://doi.org/10.1145/2736277.2741657

Published: 18 May 2015 Publication History

Abstract

Augmented reality (AR) browsers are an emerging category of mobile applications that add interactive virtual objects to the user's view of the physical world. This paper gives the first system-level evaluation of their security and privacy properties.

We start by analyzing the functional requirements that AR browsers must support in order to present AR content. We then investigate the security architecture of Junaio, Layar, and Wikitude browsers, which are running today on over 30 million mobile devices, and identify new categories of security and privacy vulnerabilities unique to AR browsers. Finally, we provide the first engineering guidelines for securely implementing AR functionality.

References

[1]

G. Abowd, C. Atkeson, J. Hong, S. Long, R. Kooper, and M. Pinkerton. Cyberguide: A mobile context-aware tour guide. Wireless Networks, 3(5), 1997.

Digital Library

[2]

R. T. Azuma. A survey of augmented reality. Presence: Teleoperators and Virtual Environments, 6(4):355--385, 1997.

Digital Library

[3]

R. T. Azuma, Y. Baillot, R. Behringer, S. Feiner, S. Julier, and B. MacIntyre. Recent advances in augmented reality. Computer Graphics and Applications, 21(6):34--47, 2001.

Digital Library

[4]

D. Bates, A. Barth, and C. Jackson. Regular expressions considered harmful in client-side XSS filters. In WWW, 2010.

Digital Library

[5]

A. Dabrowski, K. Krombholz, J. Ullrich, and E. Weippl. QR inception: Barcode-in-barcode attacks. In SPSM, 2014.

Digital Library

[6]

L. D'Antoni, A. Dunn, S. Jana, T. Kohno, B. Livshits, D. Molnar, A. Moshchuk, E. Ofek, F. Roesner, S. Saponas, M. Veanes, and H. J. Wang. Operating system support for augmented reality applications. In HotOS, 2013.

Digital Library

[7]

Layar launches "world's first augmented reality store". http://eurodroid.com/2010/04/28/layar-launches-worlds-first-augmented-reality-store, 2010.

[8]

S. Feiner, B. MacIntyre, T. Höllerer, and A. Webster. A touring machine: Prototyping 3D mobile augmented reality systems for exploring the urban environment. Personal Technologies, 1(4), 1997.

[9]

M. Georgiev, S. Jana, and V. Shmatikov. Breaking and fixing origin-based access control in hybrid Web/mobile application frameworks. In NDSS, 2014.

[10]

B. Henne, M. Harbach, and M. Smith. Location privacy revisited: Factors of privacy decisions. In CHI, 2013.

Digital Library

[11]

L.-S. Huang, A. Moshchuk, H. J. Wang, S. Schechter, and C. Jackson. Clickjacking: Attacks and defenses. In USENIX Security, 2012.

Digital Library

[12]

S. Jana, D. Molnar, A. Moshchuk, A. Dunn, B. Livshits, H. J. Wang, and E. Ofek. Enabling fine-grained permissions for augmented reality applications with recognizers. In USENIX Security, 2013.

Digital Library

[13]

S. Jana, A. Narayanan, and V. Shmatikov. A scanner Darkly: Protecting user privacy from perceptual applications. In S&P, 2013.

Digital Library

[14]

Become a Junaio developer. http://www.slideshare.net/metaio_AR/why-to-become-a-junaio-developer, 2013.

[15]

A. Kharraz, E. Kirda, W. Robertson, D. Balzarotti, and A. Francillon. Optical delusions: A study of malicious QR codes in the wild. In DSN, 2014.

Digital Library

[16]

R. Kooper and B. B. MacIntyre. Browsing the real-world wide web: Maintaining awareness of virtual information in an AR information space. International Journal of Human-Computer Interaction, 16(3), 2003.

[17]

K. Krombholz, P. Frühwirt, P. Kieseberg, I. Kapsalis, M. Huber, and E. Weippl. QR code security: A survey of attacks and challenges for usable security. In HCI, 2014.

Digital Library

[18]

Layar introduction for developers. http://www.slideshare.net/layarmobile/layar-introduction-for-developers, 2011.

[19]

Open Geospatial Consortium. OGC augmented reality markup language 2.0 (ARML 2.0) {candidate standard}. http://www.opengeospatial.org/projects/groups/arml2.0swg, 2013.

[20]

M. Osadchy, B. Pinkas, A. Jarrous, and B. Moskovich. SCiFI - A system for secure face identification. In S&P, 2010.

Digital Library

[21]

C. Perey. A proposal for AR browser interoperability. http://www.perey.com/ARStandards/AR_Browser_Interoperability_Architecture_Jan_21_2014_v1_2.pdf, 2014.

[22]

F. Roesner, T. Kohno, T. Denning, R. Calo, and B. C. Newell. Augmented reality: Hard problems of law and policy. In UPSIDE, 2014.

Digital Library

[23]

F. Roesner, T. Kohno, and D. Molnar. Security and privacy for augmented reality systems. In Communications of the ACM, volume 57, pages 88--96, 2014.

Digital Library

[24]

G. Rydstedt, E. Bursztein, and D. Boneh. Framing attacks on smart phones and dumb routers: Tap-jacking and geo-localization. In WOOT, 2010.

Digital Library

[25]

G. Rydstedt, E. Bursztein, D. Boneh, and C. Jackson. Busting frame busting: A study of clickjacking vulnerabilities at popular sites. In W2SP, 2010.

[26]

S. Son and V. Shmatikov. The postman always rings twice: Attacking and defending postMessage in HTML5 websites. In NDSS, 2013.

[27]

Same origin policy. http://www.w3.org/Security/wiki/Same_Origin_Policy.

[28]

J. Spohrer. Information in places. IBM Systems Journal, 38(4):602--628, 1999.

Digital Library

[29]

Wikitude for agencies. http://www.slideshare.net/wikitude/wikitude-media-portfolio-presentation, 2012.

[30]

Z. Wu, Q. Ke, M. Isard, and J. Sun. Bundling features for large scale partial-duplicate web image search. In CVPR, 2009.

[31]

The X-Frame-Options response header. https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options.

Cited By

A. Alshumaimeri Y(2024)Gamifying the Learning Experience in the Language ClassroomAsian Journal of Multidisciplinary Research & Review10.55662/AJMRR.2024.55045:5(107-148)Online publication date: 30-Oct-2024
https://doi.org/10.55662/AJMRR.2024.5504
Zhang XRafi TGuan YLi SLyu MFilkov VRay BZhou M(2024)Demystifying the Privacy-Realism Dilemma in the MetaverseProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops10.1145/3691621.3694958(245-250)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691621.3694958
Lee LLin Z(2024)Danger, Nuisance, Disregard: Analyzing User-Generated Videos for Augmented Reality Gameplay on Hand-held DevicesProceedings of the ACM on Human-Computer Interaction10.1145/36770638:CHI PLAY(1-33)Online publication date: 15-Oct-2024
https://dl.acm.org/doi/10.1145/3677063
Show More Cited By

Index Terms

No Escape From Reality: Security and Privacy of Augmented Reality Browsers
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Augmented reality as perceptual reality
VSMM'06: Proceedings of the 12th international conference on Interactive Technologies and Sociotechnical Systems

As shown in Paul Milgram et al’s Reality-Virtuality Continuum (1994), Augmented Reality occupies a very unique status in the spectrum of Mixed Reality. Unlike Virtual Reality, which is completely made up of the virtual and has been the most important ...
Haptics in Augmented Reality
ICMCS '99: Proceedings of the IEEE International Conference on Multimedia Computing and Systems - Volume 2

An augmented reality system merges synthetic sensory information into a user's perception of a three-dimensional environment. An important performance goal for an augmented reality system is that the user perceives a single seamless environment. In most ...
Remixed Reality: Manipulating Space and Time in Augmented Reality
CHI '18: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems

We present Remixed Reality, a novel form of mixed reality. In contrast to classical mixed reality approaches where users see a direct view or video feed of their environment, with Remixed Reality they see a live 3D reconstruction, gathered from multiple ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

WWW '15: Proceedings of the 24th International Conference on World Wide Web

May 2015

1460 pages

ISBN:9781450334693

General Chairs:
Aldo Gangemi
National Research Council, Italy & Paris 13 University-CNRS, France
,
Stefano Leonardi
Sapienza University of Rome, Italy
,
Alessandro Panconesi
Sapienza University of Rome, Italy

Copyright © 2015 Copyright is held by the International World Wide Web Conference Committee (IW3C2).

Sponsors

IW3C2: International World Wide Web Conference Committee

In-Cooperation

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

International World Wide Web Conferences Steering Committee

Republic and Canton of Geneva, Switzerland

Publication History

Published: 18 May 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

NIH
NSF
Google

Conference

WWW '15

Sponsor:

IW3C2

WWW '15: 24th International World Wide Web Conference

May 18 - 22, 2015

Florence, Italy

Acceptance Rates

WWW '15 Paper Acceptance Rate 131 of 929 submissions, 14%;

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

28
Total Citations
View Citations
694
Total Downloads

Downloads (Last 12 months)40
Downloads (Last 6 weeks)3

Reflects downloads up to 28 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

A. Alshumaimeri Y(2024)Gamifying the Learning Experience in the Language ClassroomAsian Journal of Multidisciplinary Research & Review10.55662/AJMRR.2024.55045:5(107-148)Online publication date: 30-Oct-2024
https://doi.org/10.55662/AJMRR.2024.5504
Zhang XRafi TGuan YLi SLyu MFilkov VRay BZhou M(2024)Demystifying the Privacy-Realism Dilemma in the MetaverseProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering Workshops10.1145/3691621.3694958(245-250)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691621.3694958
Lee LLin Z(2024)Danger, Nuisance, Disregard: Analyzing User-Generated Videos for Augmented Reality Gameplay on Hand-held DevicesProceedings of the ACM on Human-Computer Interaction10.1145/36770638:CHI PLAY(1-33)Online publication date: 15-Oct-2024
https://dl.acm.org/doi/10.1145/3677063
Hadan HWang DNacke LZhang-Kennedy L(2024)Privacy in Immersive Extended Reality: Exploring User Perceptions, Concerns, and Coping StrategiesProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642104(1-24)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642104
Gupta Y(2024)Biomedical Data VisualizationText Mining Approaches for Biomedical Data10.1007/978-981-97-3962-2_5(89-103)Online publication date: 4-Sep-2024
https://doi.org/10.1007/978-981-97-3962-2_5
A. Alshumaimeri Y(2023)Gamifying the Learning Experience in the Language ClassroomAsian Journal of Multidisciplinary Research & Review10.55662/AJMRR.2023.46044:6(116-163)Online publication date: 21-Dec-2023
https://doi.org/10.55662/AJMRR.2023.4604
Kim YGoutam SRahmati AKaufman ACalandrino JTroncoso C(2023)ErebusProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620290(929-946)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620290
Wang XLee LBermejo Fernandez CHui P(2023)The Dark Side of Augmented Reality: Exploring Manipulative Designs in ARInternational Journal of Human–Computer Interaction10.1080/10447318.2023.218879940:13(3449-3464)Online publication date: 27-Mar-2023
https://doi.org/10.1080/10447318.2023.2188799
Syed TSiddiqui MAbdullah HJan SNamoun AAlzahrani ANadeem AAlkhodre A(2022)In-Depth Review of Augmented Reality: Tracking Technologies, Development Tools, AR Displays, Collaborative AR, and Security ConcernsSensors10.3390/s2301014623:1(146)Online publication date: 23-Dec-2022
https://doi.org/10.3390/s23010146
Syed TJan SSiddiqui MAlzahrani ANadeem AAli AUllah A(2022)CAR-Tourist: An Integrity-Preserved Collaborative Augmented Reality Framework-Tourism as a Use-CaseApplied Sciences10.3390/app12231202212:23(12022)Online publication date: 24-Nov-2022
https://doi.org/10.3390/app122312022
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten