We do IT differently.

Call 844.750.4170 for more information.

Pokémon Go Security Risks
July 25, 2016

Pokémon Go Security Risks

Pokémon Go Security Risks

Everyone is talking about Pokémon Go, the game that caused Nintendo’s value to increase by $23 billion in less than a month. Players are spending more time per day playing the game than some of the most popular apps, like Twitter and Google Maps. Companies stand to benefit from the massive marketing opportunities that the game presents. Not everyone is so thrilled, though.

As a business owner or CIO, you might think Pokémon Go has little impact on your work. Unless you’re getting paid to play Pokémon all day, the server lag or radar glitch obviously has no effect on your business. Other issues are more troubling though, when a company has a BYOD policy in place.

Fake Pokémon Go Apps

First, before even approaching the game itself, let’s talk about indirect threats. While much of the world was waiting for the game to be released in their country, there were reports of fake apps appearing on the Google Play marketplace5 posing as Pokémon Go. There was even a version of the game available for Android that provided attackers with full access to the infected phone. If your company has a BYOD policy in place, that phone might have been used to do business on a daily basis. In case it needs to be stated, having compromised devices in your network is bad.

Game Cheat Apps

Talk to anyone that’s playing Pokémon Go, and they’ll tell you that the game is nearly unplayable. Now, with the radar glitch in full effect, players have turned to third party applications to find out where those elusive Pokémon are in their neighborhoods. Players have begun literally handing over their Google credentials (used to login to the game) along with other personally identifiable information (PII) for a Pokémon map. The risk is comparable to the fake Pokémon Go apps noted above, but with more data at risk. This is especially concerning if any of your employees used their work email address to sign up for the game.

Privacy Policy

Now that we’ve reached issues with the game itself, the privacy policy is the first place to direct your attention. The game is allowed to collect an unprecedented amount of PII, which Niantic can then use in a large variety of ways. That PII, like a user’s IP address and recently viewed websites, can then be sold to third parties, government, and law enforcement for any reason, at any time. You read that right – if your team is conducting business on their phone and playing Pokémon Go, your business data belongs to Niantic online strattera. Trust Niantic not to sell your data? Keep scrolling.

Big Target for Hackers

We’ve already covered the fact that your data is at risk, but let’s talk about one more way your important assets can end up in the wrong hands. The game has allegedly already been hacked by Poodlecorp, and the team claims they will be doing it again. Any platform with this kind of popularity was bound to be a target. Should the game be hacked by a malicious source, the personal information of millions of players will be compromised.

What You Can Do Now

If you have a BYOD policy in place, it’s imperative that you approach the topic with serious consideration, as silly as that sounds. Train your employees about the risks of downloading third party apps. Urge your team to review the privacy settings of all apps that they download carefully, and disable as many unnecessary permissions as possible.

The safest solution is a multi-layer approach protecting your business at several points. Separate wireless networks should be created for internal traffic and cell phone traffic. This protects your business servers in case any employee cell phones are compromised. Network policy services can be put in place to ensure that employee phones meet specific requirements before connecting to corporate resources. A managed mobile device management solution protects your business from threats 24/7.
If your company could use some help mitigating the risks of your BYOD policy, give us a call at 412.722.0707, or email xBert@SierraExperts.com.

Sierra w/o Wires, Inc. is an IT Managed Service and Support provider, specializing in remote monitoring and remote management of computing systems, cloud/virtual systems hosting, VoIP/SIP PBX trunks and solutions, physical server hosting, software development and hardware and software reselling. For more, check out www.SierraExperts.com.