Pokémon Go Is a Risk to BusinessBy Samuel Greengard | Posted 2016-07-25 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
With virtual places in the game superimposed over real places, gamers trespass on private property or access public spaces at times when they are not permitted.
It's bad enough that everywhere you go someone is now wandering around in zombie-like state playing Pokémon Go. The argument that at least people are getting out and interacting socially is a bit like saying, "I ate my vegetables today. I had onions rings and fries!"
It's even worse that Pokémon represents a potential security risk to individuals and businesses. Forget the part about people getting mugged, stabbed and shot. I'm sure opportunistic criminals would have done the same thing to someone who wasn't playing Pokémon. We just wouldn't have heard about nit on the news.
The data collected by Niantic (the company that created Pokémon Go) includes a person's movements while playing the game, where he or she has gone, what times a person plays, the route he or she took, and how long an individual stayed at a particular location. The company can also pull information about device use and behavior.
Of course, others, such as Foursquare, do this too. But that doesn't make the situation any better. The company could use this information in less than ethical ways, and If its servers are breached—something that is certainly possible—a lot of personal and professional data would be at risk.
A Buzzfeed article noted that Google—which spun off Niantic from its parent company Alphabet—currently complies with 78 percent of law enforcement requests for data. This may be both good and bad, depending on how the information is used and whether it violates civil liberties.
And enterprises are also in the crosshairs. With virtual places in the game superimposed over real places, gamers are trespassing on private property or accessing public spaces at times when they are not permitted, noted Alvaro Hoyos, the chief information security officer of OneLogin. This may include employees inside worksites.
What's more, as Baseline sister Website eWeek pointed out: "The game has a huge potential as a cyber-security risk, malware vector, safety hazard, on-the-job time-waster for your employees, and a waste of your company's computing resources. Worse, the game may become a gateway into your company's data stores, and it can introduce malware that spreads within your network."
In fact, a version of malware, DroidJack, can infect Android phones. It can spread through third-party Websites that allow users to download the game. It mines email, text messages and contacts—and it can also track keystrokes and commandeer the device's microphone and camera.