July 15, 2016
You’ve certainly heard about the latest video game craze, Pokémon Go, which allows players to find, capture, battle, and train virtual Pokémon monsters that appear in the real world. The game has become a massive hit since its recent release, with millions of players already engaged. It also has become a massive security risk for your organization.
The game accesses GPS and camera functions of smartphones and tablets to create a virtual map that leads players to the physical location of virtual creatures. When accessed through a Google account, it also may allow the app to access email, Google Drive, search history, Maps history, photos, and password reset. There’s also a risk that malicious Android (APK) files can give the app full control over the phone or tablet.
Clearly, this cybersecurity risk is serious enough that workplaces should consider prohibiting employees from accessing the game on their work-issued devices. But what are the other risks if they choose to play on their personal devices?
There have already been a number of reports that criminals have used the game to lure unsuspecting players to locations where they’ve been robbed. Several players have found dead bodies, and a group of young men walked off a cliff recently. These immersive, augmented-reality games can be distractions from the dangers of the real world. In a warehouse or manufacturing facility, they could lead to injury through slips, trips, and falls, or contact with machinery.
Further, many players take screen shots of their Pokémon monsters and post these images to social media. Are you sure they’re not posting photos that would be embarrassing to your company? What if they accidentally photograph something proprietary that could violate a non-disclosure agreement or assist a competitor?
Finally, the nature of the game means that certain locations house more monsters than others. If your company becomes a hot spot, how can you tell which unknown people around your parking lot or facility are simply playing and which are up to no good? Your security team might become overwhelmed.
While the game seems to be a lot of fun for a lot of people, it’s just too risky for your employees and your workplace. Some of these security risks might be resolved as developers further refine the app and its software. In the meantime, it’s best to keep Pokémon a no-go in your workplace.
This blog is cross-posted on Environmental, Health, Safety and Sustainability Software Expertise's webpage.