Invisible Risks in Virtual Worlds: A Security Study of Virtual Reality
Honors Capstone Project
1
Advisor(s)
Dr. Firas Hassan
Confirmation
1
Document Type
Paper
Location
ONU McIntosh Center; Dean's Heritage
Start Date
21-4-2026 5:15 PM
End Date
21-4-2026 5:30 PM
Abstract
CareerQuest VR is being developed in partnership with the Kan Du Group to support vocational exploration and preparedness for adults with intellectual and developmental disabilities (IDDs). However, this project raises an interesting problem: VR systems collect sensitive behavioral and device‑level data, and organizations serving protected populations often lack the cybersecurity capacity or team to evaluate these risks. The purpose of this Honors Capstone Enhancement is to assess how securely the Meta Quest headset and the Facilitate platform handle data when used in nonprofit training environments.
The project applies established cybersecurity frameworks, including MITRE ATT&CK and the NIST Privacy Framework, and hardware analysis to model threats, evaluate privacy practices, and identify vulnerabilities across the VR data lifecycle. Data sources include vendor documentation, platform policies, observed system behavior, and artifacts such as interaction logs and device identifiers. From this analysis, the central claim emerges: responsible VR adoption, particularly for adults with IDDs, requires explicit, accessible cybersecurity guidance that organizations can realistically implement.
The enhancement produces practical deliverables to showcase to audiences the importance of security, including a data‑flow map, threat model, risk matrix, and a non‑technical awareness guide to help organizations deploy VR safely. The threat model, security analysis, and guidance demonstrates the overall impact of CareerQuest VR by ensuring that accessibility and innovation are matched with strong protections for the individuals served.
Recommended Citation
Lyons, Maria Kay, "Invisible Risks in Virtual Worlds: A Security Study of Virtual Reality" (2026). ONU Student Research Colloquium. 23.
https://digitalcommons.onu.edu/student_research_colloquium/2026/Papers/23
Restricted
Available to ONU community via local IP address and ONU login.
Invisible Risks in Virtual Worlds: A Security Study of Virtual Reality
ONU McIntosh Center; Dean's Heritage
CareerQuest VR is being developed in partnership with the Kan Du Group to support vocational exploration and preparedness for adults with intellectual and developmental disabilities (IDDs). However, this project raises an interesting problem: VR systems collect sensitive behavioral and device‑level data, and organizations serving protected populations often lack the cybersecurity capacity or team to evaluate these risks. The purpose of this Honors Capstone Enhancement is to assess how securely the Meta Quest headset and the Facilitate platform handle data when used in nonprofit training environments.
The project applies established cybersecurity frameworks, including MITRE ATT&CK and the NIST Privacy Framework, and hardware analysis to model threats, evaluate privacy practices, and identify vulnerabilities across the VR data lifecycle. Data sources include vendor documentation, platform policies, observed system behavior, and artifacts such as interaction logs and device identifiers. From this analysis, the central claim emerges: responsible VR adoption, particularly for adults with IDDs, requires explicit, accessible cybersecurity guidance that organizations can realistically implement.
The enhancement produces practical deliverables to showcase to audiences the importance of security, including a data‑flow map, threat model, risk matrix, and a non‑technical awareness guide to help organizations deploy VR safely. The threat model, security analysis, and guidance demonstrates the overall impact of CareerQuest VR by ensuring that accessibility and innovation are matched with strong protections for the individuals served.