Nintendo’s Pokémon GO has become a global phenomenon. The game set a new record for the most frequently downloaded app in the iOS store in the first week of being launched and it is the first time we have seen augmented reality (AR) being used by the masses, with everyone from children to grown men wondering the streets, immersed in the game.
But as we have seen over the last few weeks, a surge in popularity can leave a company more likely to be exposed to vulnerabilities. Here, we take a look at some of the challenges faced by Niantic Labs and Nintendo and what we can learn from them.
1. Distributed Denial of Service (DDoS) attack: When Pokémon officially reached the UK app store, users reported difficulty accessing the game. At first, we wondered whether this was a result of the influx of downloads it was receiving in a short space of time. But hacking group PoodleCorp announced it had taken the servers down with a DDoS attack.
DDoS attacks are used by hackers or malicious outsiders to crash servers by flooding them with numerous request, so much so that they cannot cope. The lesson here is that organizations need to remember that building to scale is as important as building to fail and sufficient defenses need to be in place to counteract DDoS attacks.
2. Don’t fall for fake apps posing as the real thing: Fake apps are a favored tactic of hackers to install malware on people’s phones. And popular apps like Pokémon GO provide the perfect opportunity for hackers as people rush to download the game in huge numbers from the Apple or Android app stores.
Hackers have already created spoof versions of the Pokémon app to fool people into downloading it. Once an unsuspecting user has done this, malware – a type of software used by hackers to steal information without the owner knowing – is then placed on the device. The malware then targets security weak spots between your apps and the device itself – for example the app you use to surf the internet. Here, the malware is then able to gain access to your unencrypted data, such as passwords, credit card numbers or even email messages.
Users must remember to only download apps from trusted sources with a high review rating. Once you download and install, look at the permissions the app is asking for. Is it asking to access calls, texts or to record audio? These should be red flags as genuine apps won’t ask for such access.
3. User accounts being sold on the black market: It was reported last week that the ‘black market’ for Pokémon GO user accounts was thriving. Accounts that are high level can sell for a more than a few hundred dollars. There are many risks for those looking to buy on the black market. Firstly, you have very little protection buying items on the black market. If you make a deal but the seller fails to send the information, such as the Pokémon account login, you can’t sue for breach of contract or call the police to complain. The illegal nature of the transaction renders the buyer largely powerless to use traditional means of dispute resolution.
Secondly, by buying goods on the digital black market you’re handing over your digital payment information to an entity that can’t be trusted, who can now either sell that data on or use it for their own illicit gains. There is also the potential that hackers are using the applications being sold as ways to plant malware on people’s devices, which can then be used to steal further information such as passwords and credit card details. Finally, the gamer is unlikely to get the satisfaction of achieving Pokémon Master status legitimately!
Pokémon GO is likely to be the first of many in the AR and VR revolution of mobile gaming as the technology continues to develop at pace. However, companies and consumers alike need to be aware of the risks that new games pose. Something that draws a lot of consumer attention is an easy target for hackers. Being aware of the threats associated with these types of success stories could just save you from becoming a hacking victim.