Pokémon Go, the new GPS-based augmented reality OS and Android mobile gaming app, has been causing a riff amongst the cyber community, leaving many concerned about the privacy risks and cyber threats associated with this new application.

Researchers at Proofpoint spotted malware in a malicious Android version of the app that was downloaded by users in the US, Australia, and New Zealand from outside the Google Play app store, leaving many to believe the app was targeting users who were ‘sideloading’ the app before it was released in their region.

The infected version of the app was found to be infected with the DroidJack Trojan, allowing an attacker full control over a victim's phone.

“DroidJack gives attackers complete access to mobile devices including user text messaging, GPS data, phone calls, camera- and any business network resources they access,” said VP of Threat Operations at Proofpoint, Kevin Epstein.

But what seems to pose the most controversy are the privacy issues associated with the game. Game developers claim the app requests more permissions than necessary, in particular, their access to the user's Google accounts. It’s been noted that the app requires full Gmail account access, meaning Pokémon Go and Nicantic has permission to read emails, send emails as the user, and access all Google drive content and more.

While the creator of the game, Nitantic, have since claimed it was unintentional and will be altered soon, this brings up an important dispute about app permissions and how much attention we really pay to them.

This poses not only personal privacy issues but also work related privacy issues. Who’s not to say someone who downloaded that malicious app used a work Gmail account to sign up, leaving a treasure trove of data open to criminals to abuse. Businesses need to remain vigilant in their fight to secure sensitive data and block access to any websites or applications that pose a threat to the organization.

 

Read this article on InfoSecurity Magazine

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.