Why Hack Pokemon Go? The Saga Continues…

When Pokemon Go launched a few weeks ago, I thought back to my childhood days of watching the show. But little did I know that I would end up this worried about the cyber security issues regarding the game. A couple of weeks ago, I wrote a post regarding the authorization issues of the game, which largely had to do with the iOS devices attempting to download and authenticate the Google accounts. This week I want to follow up on this phenomenon, especially as it looks like releases in other parts of the world have been happening or look to be imminent.

Pokemon Go, a Hacker’s Paradise

Because the game didn’t have a global release but a limited one (to the USA and ANZ), there were fans around the world itching to get their hands on the game. Hence, third-party apps (which are unverified and should be avoided) and mirrored apps began to appear. Third-party applications are not built by the original developer but by other companies, most often where they see a chance to make a profit or gain recognition. Mirrored or cloned applications may resemble the original, but most often they are ploys for getting malware onto a device.

While mirrored applications are caught fairly quickly because of security measures, eager users were quicker to get to them than security managers. Sure enough, many repackaged Android versions of Pokemon Go were found to be infected with malware, which could hand over sensitive data to a hacker or even give the hacker control of the entire device. For example, DroidJack is a remote access tool that runs on Android devices and allows access into infected devices.

What’s the Response?

The organizational responses differed greatly. On one hand, Japan responded in an open manner where last week, NISC (National Center of Incident Readiness and Strategy for Cybersecurity) sent out a friendly infographic. Through 9 steps, it reminded people of the guidelines one should follow when playing the game. We won’t go into the translation of all the guidelines, but in particular, #1 (identity issues) and #2 (double checking for third party applications) have to do with cyber security measures.

On the other hand, countries like Malaysia are wondering if barring the game entirely might be a safer method. Last week, a well-known journalist from the New Straits Times called for a referendum to keep the game from entering the country. The journalist stated that it was a national concern in terms of the military as well as society as a whole. Others have said that the game goes against the Islamic religion and could be offensive to the culture.

It’s safe to say that this trend should not be ignored if governments are starting to become involved.

So What’s a Gamer to Do?

Realistically, we’ll continue to see news headlines about the next incident regarding this game. Within cyber security, hackers will continue to target the apps and the users for two reasons. The most obvious answer is that of profit – with a cloned app, hackers can take advantage of eager users and reap financial benefits. The second not-so-obvious reason is that sometimes hackers do it for an adrenaline rush. With a big trend like this where every other headline is about the game, they want their piece of the fame and the recognition. This adrenaline-seeking does not look like it will stop anytime soon. That’s why it’s the responsibility of the user to be careful.

Some might tell you to stop playing. Go get some fresh air. However, let’s not forget that this is a major phenomenon of a game. Literally everyone and their mother is playing it. So what are some realistic things you can do?

Here are my top three tips:

  1. Stay away from third-party application software. Niantic will bring the game to your country soon enough – in fact, it was released in Germany and Japan last week, and it’s now available in over 30 countries.
  2. Still take the authorization issue into account. As the game becomes more and more popular, more hackers will be targeting Niantic’s databases. Go into Google’s security page and look for the application to see what you are authorizing.
  3. Consider a security solution for your mobile device. Look for one that will detect malware-infected versions of applications so that you’re preventing infections. It’s really no use trying to remedy them after your device has already been infected. If you’re in Korea, you might consider D’Amo, Penta Security’s encryption solution. With a component made for smartphones in the PKI line, it can protect the data that is in your device.

So let’s have a discussion. What is the current viewpoint of Pokemon Go in your country among the general population? What is your governmental organization doing regarding the potential (physical and cyber) security issues? What are you doing regarding Pokemon Go?