Tags

, , , ,

Yesterday I had the opportunity to sit in for a little while and attend an e-conference on cyber-security and Pokemon. This was put on for the benefit of large businesses and organizations which have something to lose to the game – many things actually. I was astounded.

I see people playing the game everywhere. To think it just got started a week or so back. People are having fun but there is cause for concern. Many businesses are using their exposure to the game (unwittingly hosting Pokestops) as free advertising. Outwardly they welcome players and tout themselves as hip. Inwardly, many of these exact same companies are worried. They have good cause.

hacker-cartoon

blackappleintl.com.

Pokemon Go was designed to work very well on both Apple and Android devices. Part of its universal success is the way it utilizes most of a phone’s features. Depending on one’s device, the game and its makers may have root access to up to 60-70% of the device’s systems. Root access means the game can, theoretically, manipulate and control most of the phone. It probably has easy backdoor access to the rest.

The odds are those who made the game are not interested in maliciously accessing or misusing a player’s phone – that would be very bad for business. When it was pointed out to them that they had such unprecedented control, they admitted to overkill in their software design. They wanted the game to run smoothly and it does because it is so powerful as an app. Players give them the right to that access and potential control – it’s in the terms in the app agreement people click without reading. People willingly give Pokemon a level of access to their digital lives that the FBI has been unable to obtain with Court orders.

This presents several problems for businesses. First, people are using company phones and devices to play the game. That means they are signing over access to and control of cloud information which might otherwise be privileged. It also means they are probably playing on company time.

Remember, Pokemon itself is not likely to misuse the information it is privy to. However, this breach of security is a hacker’s dream. Experts suggest it would be very easy to hack the app and upload a variety of malware or ransom-ware or to simply clone the device or steal information.

Big business is now spending big money to combat this threat that didn’t even exist a month ago. They are also concerned that a host of similar knock-off apps are coming to ride the wave of Poke-success. A Harry Potter app is likely in the works right now. Success upon success.

Ordinary people would be wise to assess how all of them might affect them. A hacker could backdoor his way into one’s iPhone and essentially lock down the best features until the owner paid a fee for restoration.

There are other and more common problems with the game too. It has already been reported that people are trespassing while in search of the little … whatever they ares. People are winding up in places, some of them sensitive (power grid, etc.) where they probably don’t need to be. People are getting lost. They falling and injuring themselves. They are causing traffic accidents.

All of these things should be cause for second-guessing the utility of the game. I would suggest playing (if one must) on a throw-away device – a Trackfone or something similar – something disconnected entirely from one’s other accounts and business. Pokemon spotters might be a good idea to keep players from falling down old wells. People probably shouldn’t play on company time or while driving automobiles. As with most things, a little common sense goes a long way.

Advertisements