Today, I am going to talk about a game that has become more than a game for people around the world. You guessed it right: I am talking about Pokemon Go, developed by Niantic. The core mechanic of the game is its use of GPS, which tracks your movement and combines that with mobile data points. But now the game is gaining attention, especially in the security domain.

Let's look at the security concerns you need to be aware of with Pokemon Go:

1. There are multiple versions of the Pokemon Go app in circulation, and quite a few of them are malware-infected versions for Android. According to research, the malware, called DroidJack, is part of the AndroRAT family, a remote access Trojan that provides backdoor functionality and access to people's mobile devices. Although this is not a new threat, it still poses a risk to enterprises whose employees access their email from mobile devices and have the Pokemon Go app on their phones.

2. The other major concern is the security permissions tied to this application. When you grant full account access, the application can see and modify nearly all information in your Google Account. In fact, many users of this app don't even know that Pokemon Go has access to their Gmail account. This raises serious privacy concerns:

• Anyone from the Pokemon Go team can read your email

• Even the OTPs you get from your bank, or your bank statements, can be accessed

• They can also access all your official documents on Google Drive (they also have rights to delete any documents)

• They can access any personal photos that you might have stored in Google Photos

3. In order to unlock new levels in Pokemon Go, users are turning to game-cheating tools, which might be infected with malware or might be fraudulent in other ways.

4. Another big concern involves users who are passionate about unlocking new levels and spend real money to buy virtual coins, also known as PokeCoins. Scammers can target these people by creating duplicate links and fooling them into paying through them.

Despite so many security issues, the Pokemon craze is never-ending. Therefore, here are some tips that, if followed, allow you to continue playing Pokemon Go:

• Check the reviews of the game before installation. As mentioned above, there are many fake, malware-infected versions in the Google Play store.

• Install a suitable mobile security application to protect your data. We recommend running a complete mobile scan at least once every 2 weeks.

• When installing an application, review all the permissions you are granting. Make sure you don't give access to your Gmail or any other personal app, and make sure you don't give the application full access.

• Say no to game-cheating tools; there is a high chance of being infected through them.

• Use a strong password with a good mix of special characters for your Pokemon Go account. That password should also be unique: it shouldn't be the same as your Gmail, Facebook or Internet banking password.

• Read the privacy policies very carefully, something we always tend to ignore.

• Also, never jailbreak your device unless you are an expert and know how to protect your device from threats. Jailbreaking will disable the “sandboxing” feature of iOS, an essential piece of the operating system’s security architecture.

• Keep your smartphone's firmware updated to prevent vulnerabilities from being exploited.

We strongly recommend following these suggestions so that you can be safe from these exploits. Apart from logical security, look after your physical safety as well. Every day we hear of cases where someone got injured while playing Pokemon or trespassed into a restricted area.

