Pokemon Go: When Cybersecurity “Breaches” Real Life

Many of you may have recently seen what appear to be zombies roaming the planet in search of their next victim. 

Are you up to date with the latest mobile gaming sensation – Pokemon Go? Are you aware of the possible cybersecurity threats lurking beneath the game? 

Pokemon Go is a hit for many reasons, one of which is that it actually uses your location and surroundings as part of the game. While wandering through your neighbourhood, players can see both the houses on their street and the various Pokemon characters who magically appear- waiting to be caught. The game is addicting and engrossing, but unfortunately, it has brought with it some security issues.

First off, when the game launched, it asked for full access to your Google account information by default, allowing the game (or someone who may have compromised the game) access to a multitude of personal details such as your physical address, email, phone contacts, etc.  That has since been fixed by the developers, but it’s likely that millions of people have already inadvertently exposed their information. 

Soon after the game’s launch, a whole host of malware was created to trick users into downloading necessary applications that contain security issues, such as subscribing to unwanted services, clicking on paid advertising, and accessing additional private information.  These pieces of malware are being taken down as quickly as they can be discovered, but the potential clearly exists for more of this behavior to take place.

So what can a Pokemon master do to avoid getting breached? Here are some basic, common-sense security strategies: 

1. Never automatically accept requests to access services from applications you install.  Location awareness, access to contact information, etc. can all potentially be used against you in some way.  By default, you should never allow applications to access this information unless you understand why they want that access.

2. Always verify the author of an application before you download it.  This can be a bit difficult, but matching a company name to the application is typically a good starting point.  Then look at how many downloads it has, and the reviews or ratings of that application.  There is a high likelihood that something that has only been downloaded a few times and has a lot of negative reviews is not something you want on your device.

3. Always be cognizant of online safety with respect to the impact it can have on the real world.  If you have online “friends” that get access to your location information, it can cause all kinds of issues from stalking to burglary to something worse.  Realize that no one online is necessarily who they claim to be, and when the line between the real world and the online world gets blurred you need to take precautions.

Now go out and catch them all! 

 

Critical conversations on critical infrastructure

Find out how your peers are managing their networks through profound change. Watch this series of live interactive discussions with IT pros & join the debate in Slack.

Join the conversation

Read more

BlueCat Blueprint for AWS

Instructions provided allow BlueCat Address Manager (BAM) and BlueCat Gateway to discover and import data from an Amazon cloud environment.

Read more
SUNBURST/Solorigate Situation Briefing

BlueCat leaders discuss how the malware attack via SolarWind’s Orion platform exploited DNS and how BlueCat Edge could have helped to detect it.

Read more
React faster at the wire with BlueCat and ExtraHop

With the BlueCat ExtraHop Plugin, automatically create missing PTR records, and detect and react to security threats before they reach DNS servers.

Read more
Yes, IT should see what developers do in the cloud

Errors and outages occur when admins lack visibility into DNS and IP allocation in the cloud. With Bluecat, central DDI visibility is within reach.

Read more