Pokémon GO and what you need to know about Cybercriminals

Unless you’ve been under a rock, or in a cave with no television or wi-fi you’ll be aware of Pokémon GO –  which very quickly became the biggest mobile game in history.

If you were aware of Pokémon GO you may not have be aware of just how many vulnerabilities lie hidden within the game and its privacy policy.  Whilst this article specifically focuses on Pokémon Go you should be aware these vulnerabilities are common to a lot of apps.

So here are the answers to your most pressing Pokémon GO and General App security questions.

1.What’s the privacy policy?

Like most apps / games, Pokémon GO collects data about its users.  According to the Pokémon GO privacy policy,  Data includes your username, email, IP address, web pages you were using before logging into the game and your entire Google account. The privacy policy also gives the company scope for using all of this info. The owners of Pokémon GO can hand over personally identifiable information (PII) over to law enforcement, sell it off and even share it with third parties.  This full access can be a huge security risk, and Niantic did address this concern by fixing the bug that allowed the app to gain full access to users’ accounts.

2.Why is Pokémon GO a target for cybercriminals?

The simple answer the gigantic database containing user information.  If the Niantic servers were to be hacked, hijackers could potentially access your personally identifiable information. So far the company has offered minimal details on how it plans to store all that data, but promises that it is taking the appropriate measures to protect its database.

3. What are the other main security concerns?

The public nature of Pokémon GO has caused some unforeseen side effects, such as fake versions of the app which lock your smartphone and cause more harm.  Also, criminals have reportedly been able to use the geolocation to lure players to remote areas and rob them.  This is something you’ll need to be more and more aware of as newer devices start to realise the full potential of features like augmented reality. All users must be aware of this potential issue, and parents need to consider their children’s safety using the app.

4. Pokémon GO and Bring Your Own Device (BYOD)

The ongoing trend of BYOD and the vulnerability of mobile data within Apps like Pokémon GO means there’s a need for managed IT security now more than ever.  The chances of introducing potentially harmful cyber activity via these sources is higher then it’s ever been.   If your employees are using unprotected devices when using any app it could lead to exposing sensitive business data in the event of a hack. Network managers need to take precautions and understand how to protect their network before allowing these BYOD devices access to the network.

Posted in: