WASHINGTON—There already are signs at the National Holocaust Museum and at Arlington National Cemetery asking visitors not to play the Pokémon Go mobile augmented reality game while they are there.
There are reports that some of our nation's lawmakers were seen playing Pokémon Go on the floor of the U.S. House of Representatives. There have also been several armed robberies of Pokémon Go players here: criminals used the game's features to attract users, who were then relieved of their smartphones and other valuables.
But the Pokémon Go phenomenon is not specific to Washington. It has become an international craze to the point that it's now the lead story on some television network news programs. To some extent, the game, which has been available for only a week, seems fairly harmless and even seems to have some benefits—it's getting people outside to walk around in search of Pokémon characters.
But for your company, Pokémon Go has a more sinister side. The game has huge potential as a cyber-security risk, malware vector, safety hazard, on-the-job time-waster for your employees and a waste of your company's computing resources. Worse, the game may become a gateway into your company's data stores, and it can introduce malware that spreads within your network.
According to Chester Wisniewski, senior security advisor at Sophos, Pokémon Go brings threats from two different areas to people who play the game. If those people are your employees, they can bring those threats into your company. One of the most insidious is the fact that a spinoff of Google's parent company Alphabet is the force behind the game and is handling the location and points-of-interest data for the game.
Niantic Labs uses Pokémon Go to gather information about its users so they can play the game successfully, but the company also has the ability to use that information for other purposes. "It's an app that's designed to track you," Wisniewski pointed out. "Alphabet knows where you're at," he said.
Problems at Niantic Labs have added to the security issues with Pokémon Go. Wisniewski said that because of the company's scalability problems, millions of users are forced to download the app from third-party Websites, where some of the software contains malware along with the game.
One version of the malware, called DroidJack, is able to gain access to anything on your Android phone, including all of your email, your contacts and your text messages. In addition, this malware can access your keystrokes, on-board microphone and camera.