Vast Influx of Pokémon Go Players Causes Security Threats to Proliferate
"If you bundle it with a network scanner, you can scan the corporate network," McNamee said. The vulnerabilities caused by employees running a game infected by DroidJack are bad enough, but now companies are becoming more vulnerable in their quest to use games such as Pokémon Go to build business. A number of businesses have discovered that they can attract Pokémon players by setting up what's called a Lure to get the creatures created by the game to appear at their location. The idea is that if you attract the players to your restaurant or store, some of them might buy things. However, according to Alvaro Hoyos, CISO of security and identity management company OneLogin, along with those gamers will come a number of people who are trying to take advantage of them. We have already seen incidents where criminals use Pokémon Go to lure people to a particular site where they can be robbed at gunpoint. But it goes a lot further than that.According to Hoyos, before a company even considers allowing public access, including game playing, they first need to make sure that their network is hardened and, if possible, make sure that the public WiFi isn't connected to the corporate network in any way. He also noted that with such public interest, your company needs to make sure all patches, including those for the point-of-sale system, are kept up-to-date. Hoyos also noted that some problems can extend beyond just damage caused by malware. "If you get people who want to use the public WiFi, and if you get people who are susceptible and they get hacked, they may blame the business," he said. Hoyos said that you need to set boundaries at the beginning, if only because of the brand impact that would come with such attacks. As the popularity of games such as Pokémon Go expands to include your employees and customers, the need to protect your network becomes increasingly urgent. While you should have had good network security already, the need now is immediate. The fact is that games such as Pokémon Go are going to become more popular over time. There are sure to be more insanely popular games like Pokémon. This means that the problems won't go away and the challenges to your enterprise security are going to become greater. While you can't eliminate threats such as Pokémon Go, you can at least be prepared for them and the need for preparation has never been greater.
More sophisticated cyber-criminals may be trying to hack your company's network or spreading the malware that will give them access. They will be targeting players and their WiFi or mobile carrier to see where it leads. "It might be connected to the corporate network," he said. "They might find a vulnerability [in a retail point-of-sale system], or they might discover the network resources."