“There are only a number of collaboration platforms in use today for enterprise and defense, and a very good chunk of the doubtless vulnerable collaboration tools most probably don’t hook up with the open web,” Sag said. “That’s why I believe a variety of the implementations that the federal government wants to make use of — or any sort of secure applications like enterprises [rely on] — must have code evaluations and audits.”
The researchers said the attacks can be difficult for users to understand and discover. “An attack might alter the environment for one user without affecting the view of others or disrupt communication between users at a critical moment,” the researchers said.
They noted the potential for a “click redirection attack,” which they likened to web-based clickjacking. On this case, a malicious party could attack a 3D object in a collaborators’ field of view. When the person tries to maneuver the article, the motion affects one other 3D object as a substitute.
