Security Advisory: Say No to Pokemon GO in the Office

By Justin Verrastro July 15, 2016

Take a look around your building today and you’re bound to see countless people walking around with their heads down, staring at their phones. The majority of these people aren’t checking their email or browsing the Web...they’re playing a game called Pokémon GO—a highly addictive mobile application from Nintendo, which is now a global phenomenon.

What makes Pokémon GO so appealing is that it allows gamers to experience augmented reality (AR). Pokémon characters appear on a mobile interface as if they are actually walking down a surrounding street or sitting on someone’s shoulder in real time. In the game, players hunt and collect Pokémon characters on an interactive map that works in conjunction with their local environment.

While AR technology has been around for many years, up until this point it was mostly used for learning or business purposes. With Pokémon GO, the public is now getting a taste of how AR can enhance mobile games. And this is at the root of why Pokémon GO is so popular; it’s the excitement about AR technology, combined with the nostalgia of Pokémon, which is creating massive interest from consumers. Just two days after its release in July, Pokémon GO was already installed on 5.16 percent of all U.S. Android phones. And it now has at least twice as many downloads as Tinder. There is no sign that consumer interest is fading.

So, why should you care about Pokémon GO?

The application is living on your employees’ personal and company-owned mobile devices. It’s accessing your network, and is being used throughout the day by workers across all areas of the organization—from entry-level workers to C-level executives.

Third-party mobile applications always come with inherent security risks, and Pokémon GO is no exception. First and foremost, there is widespread concern among security professionals about the amount of information that the Pokémon GO application collects on end users. For instance, the game asks to collect the user’s contact information and location. It can also read, modify and delete USB storage contents. Plus, Pokémon GO makes other invasive requests for things like full network access and the ability to see who else is using the network. And until recently, Pokémon GO was also accessing  end users’ Google accounts, including Gmail and Google Docs.

What’s more, the application can be considered a security threat because of the fact that players must use a camera to catch Pokémon. Employees may not always think about their physical setting before capturing a Pokémon and saving the image to his or her phone, or sharing it on social media. As a result, they may accidentally expose client or customer data in the background, or information that should not be shared with outside eyes—like new products or trade secrets. This is especially problematic in financial institutions, healthcare facilities, government organizations and technology companies.

Still, there are more security issues that you need to be aware of.

Right now, for instance, there is a malicious version of the application in circulation that is a major risk to Android devices. According to Wired, this version uses code to install backdoor links for hackers, leaving end users vulnerable. The backdoor links essentially grant hackers full control over the phone. Many of your end users could be using this insecure version of Pokémon GO.

So while Pokémon GO may be fun for your employees, it’s just not worth the security risks that come with it. Consider laying down the law in the name of cybersecurity, and instructing your employees to close their applications before coming into work so they cannot access the network. All Pokémon GO applications should be removed from company-owned devices, too. And employees should take this time to update their security settings on applications that contain sensitive data.

Of course, asking employees to do this is one thing. Enforcing it is quite another. One easy way to do it is to establish a mobile device management (MDM) policy. Apex Technology Services can work with your business to centralize mobile application management across your organization. All applications for company-owned devices can be stored and provisioned in a central hub. So instead of downloading applications on their own, employees can request them from IT. This will also give IT the ability to ban insecure or controversial applications from entering into the business.

A robust MDM solution will allow your end users to use the critical business applications they need on a daily basis. The difference is they will do so safely.

You can read more about Apex’s approach to MDM by clicking here.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York CityWhite Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.


 

Senior Network Engineer

SHARE THIS ARTICLE
Related Articles

Pai Makes His Case for Title II Repeal

By: Paula Bernier    11/21/2017

FCC Chairman Ajit Pai today made clear his plans to repeal Title II net neutrality rules. The commission is expected to pass his proposal at its Dec. …

Read More

Mist Applies AI to Improve Wi-Fi

By: Paula Bernier    11/9/2017

Mist has created an AI-driven wireless platform that puts the user and his or mobile device at the heart of the wireless network. Combining machine le…

Read More

International Tech Innovation Growing, Says Consumer Technology Association

By: Doug Mohney    11/8/2017

The Consumer Technology Association (CTA) is best known for the world's largest trade event, but the organization's reach is growing far beyond the CE…

Read More

Broadcom Makes Unsolicited $130B Bid for Qualcomm

By: Paula Bernier    11/6/2017

In what could result in the biggest tech deal in history, semiconductor company Broadcom has made an offer to buy Qualcomm for a whopping $130 billion…

Read More

How Google's 'Moonshot' Could Benefit Industrial Markets

By: Kayla Matthews    10/30/2017

The term "moonshot" encapsulates the spirit of technological achievement: an accomplishment so ambitious, so improbable, that it's equivalent to sendi…

Read More