STAP Journal of Security Risk Management

ISSN: 3080-9444 (Online)

A Comprehensive Review of Security and Privacy Challenges and Solutions in Autonomous Driving Systems

by 

Mohammed Amin ;

Youakim Badr ;

Qais Al-Na’amneh ;

Mahmoud Aljawarneh ;

Rahaf Hazaymih ;

Shahid Munir Shah

PDF logoPDF

Published: 2024/11/16

Abstract

The rapid evolution of immersive technologies such as Augmented Reality (AR) and Virtual Reality (VR) has transformed sectors ranging from entertainment and healthcare to education and industrial operations. However, the increasing integration of these technologies into daily life introduces a new landscape of cybersecurity and privacy challenges. This review paper provides a comprehensive comparative analysis of security threats associated with AR and VR systems, emphasizing the unique vulnerabilities that arise from their distinct architectures and user interaction models. We examine emerging attack vectors such as sensor spoofing, man-in-the-room attacks, data leakage through AR overlays, VR hijacking, and unauthorized motion tracking. The paper also explores crosscutting issues like biometric data misuse, identity theft in virtual spaces, and spatial-temporal data inference. A critical comparison is made between the threat surfaces of AR—where the virtual is overlaid on the physical—and VR—where users are fully immersed in synthetic environments. In parallel, we evaluate a range of mitigation strategies and defense mechanisms, including secure sensor integration, encryption protocols, context-aware access control, and privacy-preserving rendering techniques. The paper concludes by identifying key research gaps and proposing a roadmap for developing holistic and resilient security frameworks tailored to the future of immersive technologies.

Keywords

Augmented RealityVirtual RealityCybersecurity PrivacySensor SpoofingData LeakageVR HijackingMotion TrackingBiometricsMitigation StrategiesImmersive Technologies

References

  1. Jaradat, A. S., Nasayreh, A., Al-Na’amneh, Q., Gharaibeh, H., & Al Mamlook, R. E. (2023). Genetic optimization techniques for enhancing web attacks classification in machine learning. In 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing, Pervasive Intelligence and Computing, Cloud and Big Data Computing, Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech) (pp. 0130–0136). IEEE.
  2. Aljaidi, M., Alsarhan, A., Al-Fraihat, D., Al-Arjan, A., Igried, B., El-Salhi, S. M., Khalid, M., & Al-Na’amneh, Q. (2023). Cybersecurity threats in the era of AI: Detection of phishing domains through classification rules. In 2023 2nd International Engineering Conference on Electrical, Energy, and Artificial Intelligence (EICEEAI) (pp. 1–6). IEEE.
  3. Al-Na’amneh, Q., Almaiah, M. A., Smadi, S., Hazaymih, R., & Alabadi, L. (2025). Attacks detection and mitigation of IoT using machine learning model. In Utilizing AI in Network and Mobile Security for Threat Detection and Prevention (pp. 115–132). IGI Global Scientific Publishing.
  4. Al-Na’amneh, Q., Aljaidi, M., Nasayreh, A., Gharaibeh, H., Al Mamlook, R. E., Jaradat, A. S., Alsarhan, A., & Samara, G. (2024). Enhancing IoT device security: CNN-SVM hybrid approach for real-time detection of DoS and DDoS attacks. Journal of Intelligent Systems.
  5. Alshuaibi, A., Almaayah, M., & Ali, A. (2025). Machine learning for cybersecurity issues: A systematic review. Journal of Cyber Security and Risk Auditing, 2025(1), 36–46.
  6. Alghamdi, A., Alkinoon, A., Alghuried, A., & Mohaisen, D. (2024). XR-Droid: A benchmark dataset for AR/VR and security applications. IEEE Transactions on Dependable and Secure Computing.
  7. Roesner, F., & Kohno, T. (2021). Security and privacy for augmented reality: Our 10-year retrospective. In VR4Sec: 1st International Workshop on Security for XR and XR for Security.
  8. De Guzman, J. A., Thilakarathna, K., & Seneviratne, A. (2019). Security and privacy approaches in mixed reality: A literature survey. ACM Computing Surveys (CSUR), 52(6), 1–37.
  9. Lebeck, K., Ruth, K., Kohno, T., & Roesner, F. (2018). Towards security and privacy for multi-user augmented reality: Foundations with end users. In 2018 IEEE Symposium on Security and Privacy (SP) (pp. 392–408). IEEE.
  10. Li, X., Yi, W., Chi, H.-L., Wang, X., & Chan, A. P. (2018). A critical review of virtual and augmented reality (VR/AR) applications in construction safety. Automation in Construction, 86, 150–162.
  11. Kachur, A., Lysenko, S., Bodnaruk, O., & Gaj, P. (2024). Methods of improving security and resilience of VR systems’ architecture. In IntelITSIS (pp. 285–304).
  12. Mushtaq, M., Jha, R., Sabraj, M., & Jain, S. (2024). Attack modeling and security analysis using machine learning algorithms enabled with augmented reality and virtual reality. International Journal of Computer Networks and Information Security (IJCNIS), 16(4), 118–129.
  13. Gulhane, A., Vyas, A., Mitra, R., Oruche, R., Hoefer, G., Valluripally, S., Calyam, P., & Hoque, K. A. (2019). Security, privacy and safety risk assessment for virtual reality learning environment applications. In 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC) (pp. 1–9). IEEE.
  14. Happa, J., Glencross, M., & Steed, A. (2019). Cyber security threats and challenges in collaborative mixed-reality. Frontiers in ICT, 6, 5.
  15. Zhang, Y., Slocum, C., Chen, J., & Abu-Ghazaleh, N. (2023). It’s all in your head(set): Side-channel attacks on AR/VR systems. In 32nd USENIX Security Symposium (USENIX Security 23) (pp. 3979–3996).
  16. Adams, D., Bah, A., Barwulor, C., Musaby, N., Pitkin, K., & Redmiles, E. M. (2018). Ethics emerging: The story of privacy and security perceptions in virtual reality. In Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018) (pp. 427–442).
  17. Giaretta, A. (2024). Security and privacy in virtual reality: A literature survey. Virtual Reality, 29(1), 10.
  18. Milon, A. G., & tom Dieck, M. (2024). AR and VR in the spotlight: A systematic literature review of security, privacy, and ethical concerns. In Smart Ethics in the Digital World: Proceedings of the ETHICOMP 2024 (pp. 54–57). Universidad de La Rioja.
  19. Chen, Z., Wu, J., Gan, W., & Qi, Z. (2022). Metaverse security and privacy: An overview. In 2022 IEEE International Conference on Big Data (Big Data) (pp. 2950–2959). IEEE.
  20. de Armas, C., Tori, R., & Netto, A. V. (2020). Use of virtual reality simulators for training programs in the areas of security and defense: A systematic review. Multimedia Tools and Applications, 79(5), 3495–3515.
  21. Hoole, R., & Jahankhani, H. (2021). Security framework for delivery of training, using VR technology. In Information Security Technologies for Controlling Pandemics (pp. 357–386).
  22. Bang, J., Lee, Y., Lee, Y.-T., & Park, W. (2019). AR/VR based smart policing for fast response to crimes in safe city. 2019 IEEE International Symposium on Mixed and Augmented Reality Adjunct (ISMAR-Adjunct), 470–475. IEEE.
  23. Bhattacharya, P., Saraswat, D., Dave, A., Acharya, M., Tanwar, S., Sharma, G., & Davidson, I. E. (2021). Coalition of 6G and blockchain in AR/VR space: Challenges and future directions. IEEE Access, 9, 168455–168484.
  24. Datcu, D., Cidota, M., Lukosch, H., & Lukosch, S. (2014). On the usability of augmented reality for information exchange in teams from the security domain. 2014 IEEE Joint Intelligence and Security Informatics Conference, 160–167. IEEE.
  25. AR, A. R. (2025). Forensic challenges in augmented reality (AR) and virtual reality (VR).
  26. Choi, T. (2021). Insider threats and lessons learned from the US for South Korea and the use of new technologies like VR/AR to enhance the cybersecurity of embassies and national security (Master’s thesis, San Diego State University).
  27. Mustafa, T., Matovu, R., Serwadda, A., & Muirhead, N. (2018). Unsure how to authenticate on your VR headset? Come on, use your head! In Proceedings of the Fourth ACM International Workshop on Security and Privacy Analytics (pp. 23–30).
  28. Zhao, R., Zhang, Y., Zhu, Y., Lan, R., & Hua, Z. (2023). Metaverse: Security and privacy concerns. Journal of Metaverse, 3(2), 93–99.
  29. Zhang, S. (2025). Internet of multimodality: Problems in security, healthcare and AR/VR.
  30. Chaudhari, A., Mali, Y. K., Kulkarni, A., Jain, D., Sharma, L., Mahajan, K., Kazi, F., Kar, P., & Bhogle, A. (2024). Cyber security challenges in social meta-verse and mitigation techniques. 2024 MIT Art, Design and Technology School of Computing International Conference (MITADTSoCiCon), 1–7. IEEE.
  31. Ali, S., Abdullah, T. P. T., Armand, A., Athar, A., Hussain, A., Ali, M., Yaseen, M., Joo, M.-I., & Kim, H.-C. (2023). Metaverse in healthcare integrated with explainable AI and blockchain: Enabling immersiveness, ensuring trust, and providing patient data security. Sensors, 23(2), 565.
  32. Aljawarneh, M. (2025). Ethical issues in cyber-security for autonomous vehicles (AV) and automated driving. In Utilizing AI in Network and Mobile Security for Threat Detection and Prevention (p. 173). IGI Global.
  33. Laila, D. A., Al-Na’amneh, Q., Aljaidi, M., Nasayreh, A. N., Gharaibeh, H., Al Mamlook, R., & Alshammari, M. (2024). Enhancing 2D logistic chaotic map for gray image encryption. In Risk Assessment and Countermeasures for Cybersecurity (pp. 170–188). IGI Global.
  34. Truong, V. T., & Le, L. B. (2024). Security for the metaverse: Blockchain and machine learning techniques for intrusion detection. IEEE Network, 38(5), 204–212.
  35. Svedberg, J., & Olsson, T. (2018). Augmenting security systems—the role of augmented reality in the surveillance industry.
  36. Raybourn, E. M., & Trechter, R. (2018). Applying model-based situational awareness and augmented reality to next-generation physical security systems. In Cyber-Physical Systems Security (pp. 331–344). Springer.
  37. Kumari, S., & Polke, N. (2018). Implementation issues of augmented reality and virtual reality: A survey. In International Conference on Intelligent Data Communication Technologies and Internet of Things (pp. 853–861). Springer.
  38. Bhalla, A., Sluganovic, I., Krawiecka, K., & Martinovic, I. (2021). MoveAR: Continuous biometric authentication for augmented reality headsets. In Proceedings of the 7th ACM on Cyber-Physical System Security Workshop (pp. 41–52).
  39. Elkoubaiti, H., & Mrabet, R. (2018). How are augmented and virtual reality used in smart classrooms? In Proceedings of the 2nd International Conference on Smart Digital Environment (pp. 189–196).
  40. Valles, L., Moriana, A., & Garcia, R. (2018). The TARGET project: Using VR and AR to improve police training.
  41. Aukstakalnis, S. (2016). Practical augmented reality: A guide to the technologies, applications, and human factors for AR and VR. Addison-Wesley Professional.
  42. Park, S., Kim, J. W., Kim, K. M., & Kim, H. (2018). AR-based field training system algorithm for small units. Convergence Security Journal, 18(4), 81–87.
  43. Carneiro, J., Rossetti, R. J., Silva, D. C., & Oliveira, E. C. (2018). BIM, GIS, IoT, and AR/VR integration for smart maintenance and management of road networks: A review. In 2018 IEEE International Smart Cities Conference (ISC2) (pp. 1–7). IEEE.
  44. Kittinger, L. I. (2018). VR proposal for breakout session. Sandia National Lab. (SNL-NM), Albuquerque, NM (United States), Tech. Rep.
  45. Meyer-Lee, G., Shang, J., & Wu, J. (2018). Location-leaking through network traffic in mobile augmented reality applications. In 2018 IEEE 37th International Performance Computing and Communications Conference (IPCCC) (pp. 1–8). IEEE.
  46. Bonner, E., & Reinders, H. (2018). Augmented and virtual reality in the language classroom: Practical ideas. Teaching English with Technology, 18(3), 33–53.
  47. Nguyen, Q. K., & Dang, Q. V. (2018). Blockchain technology for the advancement of the future. In 2018 4th International Conference on Green Technology and Sustainable Development (GTSD) (pp. 483–486). IEEE.
  48. Alam, M. F., Katsikas, S., Beltramello, O., & Hadjiefthymiades, S. (2017). Augmented and virtual reality based monitoring and safety system: A prototype IoT platform. Journal of Network and Computer Applications, 89, 109–119.
  49. Khor, W. S., Baker, B., Amin, K., Chan, A., Patel, K., & Wong, J. (2016). Augmented and virtual reality in surgery—the digital surgical environment: Applications, limitations and legal pitfalls. Annals of Translational Medicine, 4(23), 454.
  50. Abu-Zaid, A., Aljaidi, M., Al-Na’amneh, Q., Samara, G., Alsarhan, A., & Qadoumi, B. (2025). Advancements and challenges in the internet of drones security issues: A comprehensive review. In Machine Intelligence Applications in Cyber-Risk Management (pp. 1–24). IGI Global.
  51. Al-Na’amneh, Q., Aljaidi, M., Gharaibeh, H., Nasayreh, A., Al Mamlook, R. E., Almatarneh, S., Alzu’bi, D., & Husien, A. S. (2023). Feature selection for robust spoofing detection: A chi-square-based machine learning approach. In 2023 2nd International Engineering Conference on Electrical, Energy, and Artificial Intelligence (EICEEAI) (pp. 1–7). IEEE.
  52. Al-Na’amneh, Q., Nasayreh, A. N., Al Mamlook, R., Gharaibeh, H., Alsheyab, A. M., & Almaiah, M. (2024). Improving memory malware detection in machine learning with random forest-based feature selection. In Risk Assessment and Countermeasures for Cybersecurity (pp. 96–114). IGI Global.
  53. Alghamdi, A. (2024). Exploring the security landscape of AR/VR applications: A multi-dimensional perspective.
  54. Ali, S., Alshinwan, M., Khashan, O. A., Hijjawi, M., Altawil, A., Al-Na’amneh, Q., Abu-Adaiq, H., Alhardan, H., AbdElminaam, D. S., Tarawneh, O., et al. (2025). Intrusion detection for wireless sensor networks using parrot algorithm. In Machine Intelligence Applications in Cyber-Risk Management (pp. 345–366). IGI Global Scientific Publishing.
  55. Alismail, A., Altulaihan, E., Rahman, M. H., & Sufian, A. (2022). A systematic literature review on cybersecurity threats of virtual reality (VR) and augmented reality (AR). In Data Intelligence and Cognitive Informatics: Proceedings of ICDICI 2022 (pp. 761–774).
  56. Alismail, A., Altulaihan, E., Rahman, M. H., & Sufian, A. A systematic literature review MKKS on cybersecurity threats of virtual reality (VR) and augmented reality.
  57. Kurii, Y., & Opirskyy, I. (2022). Analysis and comparison of the NIST SP 800-53 and ISO/IEC 27001: 2013. NIST Special Publication, 800(53), 10.