Have you seen a marked increase in people wandering around staring at their phones in the office? Pokemon Go is invading public space – and creating a huge security threat in the process!
If you haven’t heard about it yet, Pokemon Go is a new – and wildly popular – AR (augmented reality) game, where players use their phone’s camera to locate and collect digital monsters lurking about in the real world (and actually get some exercise while playing a video game for a change).
Of course, any popular smartphone app is going to draw the attention of those who would exploit it. And sure enough, within four days of release, a malware-infested version of the game made its way onto unofficial stores. This malware, DroidJack, targets Android devices and can access everything on the device including email, contacts, photos, videos and text messages.
Even if you download the game through proper channels, there are data risks to consider. The game was rushed out quickly to consumers, and as a result, the original user agreement allowed game developer Niantic access to players’ Google accounts, making their information an open book – including their email, calendars, pictures, and more. (Niantic has updated the agreement to be less invasive since its first release, but that may be cold comfort to security professionals.)
And of course, because of the game’s overwhelming popularity, you can expect more AR-style phone games are on the way, along with all the infosec red flags that come with them. That’s why vigilant organizations should have a strategy ready to go – one that includes not just hardware protection, but employee training, to raise awareness that they’re putting the company at risk of catching malicious software while they’re trying to catch Pikachu.
Want to learn more about protecting your company’s data? Register today for DRI’s IT/DR Planning workshop. You’ll learn how to evaluate new and emerging technology for potential issues, develop strategic responses and alternatives, and much more!