Shoulder Surfing Security Flaw In Vivox SL Phones

by Pixeleen Mistral on 13/10/06 at 10:49 am

No pretext needed – call record visible to bystanders

by Pixeleen Mistral, Herald National Affairs desk

[Image: Roving cameras can reveal private phone numbers]

Herald investigations confirm a serious privacy problem with Vivox phone booths in Second Life. A reliable source recently informed the Herald that shoulder surfing in SL makes it easy to observe the calling habits of unwary metaverse citizens. With the phone number being called in hand, Google and any number of reverse phone directory web sites make it a simple matter to connect the phone number to a real person – and their address as well. Casual observers in the metaverse may then connect the dots between the SL avatar originating the call and the persons they associate with in RL.

All of this may come as a surprise to impoverished metaverse citizens who want to make a free call to meatspace. But if the real-life HP phone record pretexting scandals are any guide, private investigators will try to obtain phone records by any means necessary – TOS violation or not. Some people are likely to have concerns about this information being used to harass or blackmail those who make or receive calls from some of SL’s more colorful characters. I really hope we never see someone – say a member of congress – responding to questions about contacts with an underage furrie call girl from the metaverse – as a purely hypothetical example.

How hard is it to observe a phone number dialed on a Vivox phone? Take a page from the RL surveillance technique known as shoulder surfing. In SL, shoulder surfing is easy, since you can zoom your camera – or viewpoint – independently of your avatar’s location. By waiting near a phone and zooming the camera to focus on the phone number display, it is easy to see the number dialed. In the Herald investigations, I found the bright green phone number seems to automatically position itself to display in front of my camera, so precise camera work is not necessary. This makes it easier for noobies to see the display when they make a call – but also makes it impossible to block the view of the number with an avatar’s body.

[Image: Shoulder surfing view with the camera locked on the phone]

There may be lessons here for RL companies as they move their services into the betaverse metaverse. While SL may look a lot like the real world, there are some important differences that may work against a literal translation of RL objects into SL – particularly for phones and ATM machines. One might suspect that issues with Vivox’s phones are due to limits in the technology of SL itself, since Second Life seems to be somewhat limited in providing user interface tools for private dialogs.

Rob Seaver, CEO of Vivox, said, “The line between the virtual and physical worlds is becoming thinner every day” in a Vivox press release announcing the million free minutes giveaway. As that line becomes thinner, and Second Life’s technology is put to new uses, RL privacy issues – and surveillance techniques – are likely to become more common. Let us hope that Vivox heeds the call to address these issues quickly.

3 Responses to “Shoulder Surfing Security Flaw In Vivox SL Phones”

  1. profky

    Oct 13th, 2006

    lmao as usual

  2. Prokofy Neva

    Oct 13th, 2006

    That’s not me above, and well, it’s not so funny, really.
