Ride the Lightning

Pokémon Go: A Huge Hit with Huge Security Issues

July 13, 2016

Much of this post is directly cribbed from John's Your IT Consultant blog post yesterday. Thanks for posting the security warnings John. Pokémon is so ridden with security dangers that I felt it had to be on RTL as well. Pokémon Go has become a phenomenon in the last week. People are obsessed, playing an average of 40 minutes per day. More people play this game daily than post on Twitter. A lot of those playing have no idea what information and access they have given to the developer or the potential harm that can come from playing.

Pokémon Go is essentially a game where you search for various Pokémon characters. The app is available for Android and iOS devices. If you use Pokémon Go on an iOS device, you are asked to login to your Pokémon.com or Google account. Since registrations are currently closed on Pokémon.com, using your Google credentials is the only alternative. Using your Google account on an iOS device will then give the app full access to your Google account. According to a Softpedia post, "This includes the ability to read the content of emails, send emails in your name, access private Google Drive or Google Photos files, view Maps or Search history, and a whole bunch more." Apparently, the Android app doesn't have this problem.

There are even bigger problems when you agree to play Pokémon Go. There have been incidents where users have been targeted and lured to an isolated area where they are robbed. If you don't download the app from the Google Play store, you may be installing malware to your phone. It's also dangerous to your health if you are not paying attention while playing. One user cut his hand when he tried to stop suddenly while riding a skateboard in order to catch a pokémon. Of course you'll probably end up walking into a tree or falling into a hole while staring at the phone screen. You must have geolocation (GPS) capability enabled on your phone in order to determine your location in relation to the pokémon. Guess what? You're also telling the developer and other Pokémon players where you are too. Are they all nice people? No.

I am especially concerned about young people playing, oblivious to the dangers. Parents, it is time to read up on Pokémon Go and make sure you understand the security steps you should be taking with your children. Even police departments are posting warnings. The Lure Module is especially dangerous, attracting Pokémon to a Pokéstop location for 30 minutes. Lures attract players – all with expensive smartphones (at the very least) to remote locations where they may be vulnerable to robbery – or worse.

Young people should play (if at all) with their parents. Older teens should be in groups. Parents, I fear, will be largely clueless about the dangers posed by this game. Thanks to my friend Jennifer Ellis (and John) for patiently explaining the game and its dangers to me.

How about a nice game of chess? Much safer . . .

E-mail:    Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
http://www.linkedin.com/in/sharondnelson