“There are only a few collaboration platforms in use today for enterprise and defense, and a good chunk of the potentially vulnerable collaboration tools most likely don’t connect to the open internet,” Sag said. “That’s why I think a lot of the implementations that the government wants to use — or any kind of secure applications like enterprises [rely on] — need to have code evaluations and audits.”
The researchers said the attacks would be difficult for users to comprehend and identify. “An attack might alter the environment for one user without affecting the view of others or disrupt communication between users at a critical moment,” the researchers said.
They noted the possibility of a “click redirection attack,” which they likened to web-based clickjacking. In this case, a malicious party could attack a 3D object in a collaborators’ field of view. When the person tries to move the object, the action affects another 3D object instead.
