Security Advisory: Say No to Pokemon GO in the Office


Take a look around your building today and you’re bound to see countless people walking around with their heads down, staring at their phones. The majority of these people aren’t checking their email or browsing the Web...they’re playing a game called Pokémon GO—a highly addictive mobile application from Nintendo, which is now a global phenomenon.

What makes Pokémon GO so appealing is that it allows gamers to experience augmented reality (AR). Pokémon characters appear on a mobile interface as if they are actually walking down a surrounding street or sitting on someone’s shoulder in real time. In the game, players hunt and collect Pokémon characters on an interactive map that works in conjunction with their local environment.

While AR technology has been around for many years, up until this point it was mostly used for learning or business purposes. With Pokémon GO, the public is now getting a taste of how AR can enhance mobile games. And this is at the root of why Pokémon GO is so popular; it’s the excitement about AR technology, combined with the nostalgia of Pokémon, which is creating massive interest from consumers. Just two days after its release in July, Pokémon GO was already installed on 5.16 percent of all U.S. Android phones. And it now has at least twice as many downloads as Tinder. There is no sign that consumer interest is fading.

So, why should you care about Pokémon GO?

The application is living on your employees’ personal and company-owned mobile devices. It’s accessing your network, and is being used throughout the day by workers across all areas of the organization—from entry-level workers to C-level executives.

Third-party mobile applications always come with inherent security risks, and Pokémon GO is no exception. First and foremost, there is widespread concern among security professionals about the amount of information that the Pokémon GO application collects on end users. For instance, the game asks to collect the user’s contact information and location. It can also read, modify and delete USB storage contents. Plus, Pokémon GO makes other invasive requests for things like full network access and the ability to see who else is using the network. And until recently, Pokémon GO was also accessing  end users’ Google accounts, including Gmail and Google Docs.

What’s more, the application can be considered a security threat because of the fact that players must use a camera to catch Pokémon. Employees may not always think about their physical setting before capturing a Pokémon and saving the image to his or her phone, or sharing it on social media. As a result, they may accidentally expose client or customer data in the background, or information that should not be shared with outside eyes—like new products or trade secrets. This is especially problematic in financial institutions, healthcare facilities, government organizations and technology companies.

Still, there are more security issues that you need to be aware of.

Right now, for instance, there is a malicious version of the application in circulation that is a major risk to Android devices. According to Wired, this version uses code to install backdoor links for hackers, leaving end users vulnerable. The backdoor links essentially grant hackers full control over the phone. Many of your end users could be using this insecure version of Pokémon GO.

So while Pokémon GO may be fun for your employees, it’s just not worth the security risks that come with it. Consider laying down the law in the name of cybersecurity, and instructing your employees to close their applications before coming into work so they cannot access the network. All Pokémon GO applications should be removed from company-owned devices, too. And employees should take this time to update their security settings on applications that contain sensitive data.

Of course, asking employees to do this is one thing. Enforcing it is quite another. One easy way to do it is to establish a mobile device management (MDM) policy. Apex Technology Services can work with your business to centralize mobile application management across your organization. All applications for company-owned devices can be stored and provisioned in a central hub. So instead of downloading applications on their own, employees can request them from IT. This will also give IT the ability to ban insecure or controversial applications from entering into the business.

A robust MDM solution will allow your end users to use the critical business applications they need on a daily basis. The difference is they will do so safely.

You can read more about Apex’s approach to MDM by clicking here.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York CityWhite Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.


Senior Network Engineer

Related Articles

How Real is Telecom Network Transformation: From Legacy to Leading Edge by When?

By: Cynthia S. Artin    11/7/2018

Last week, ABI Research issued its latest report and forecasts in the network orchestration domain, asserting that while a disruption in orchestration…

Read More

What's New in Artificial Intelligence

By: Paula Bernier    11/5/2018

A brief look at what's new in the world of artificial intelligence as it relates to IT operations; customer engagement; marketing analytics; and cloud…

Read More

IBM Makes $34B Bet with Red Hat

By: Paula Bernier    10/29/2018

IBM plans to purchase Red Hat in a $34 billion deal. Big Blue says its combination with the open source pioneer will establish it as the world's No. 1…

Read More

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More