Pokémon Go made a big impact for many reasons when it was first released. Building on the legacy of a franchise that has been around since the 90s and had us all fall in love with it, the game has effectively pulled at the nostalgic heartstrings of many Gen Xers and Gen Yers, almost all of whom are equipped with the latest smartphones. It also incorporates augmented reality features that make it hard to say “no” to your inner child that secretly always wanted to catch a Pikachu in real life, and that appeal to those who love trying out new technologies (even though the technology can no longer be considered particularly new by this point).

As we know, bad news sells, and so the biggest reason the app made headlines shortly after release was a flaw in its use of Google authentication, which incidentally provided full access to an end user’s Google account. This, in turn, created a firestorm of security and privacy concerns in the media. The flaw in question highlighted the current “state of the union” when it comes to the security and privacy mindset of the average mobile end user. The reality is that all online data is at risk. This is certainly a fact that most end users are aware of. The last two years have really hammered home that point, with named vulnerabilities like Heartbleed and private sector breaches like Sony Pictures leaving customer and employee data laid out for all to see.

Despite the potential security and privacy impact of this bug, there was no mass exodus of Pokémon Go players, or if there was, it was inconsequential given the number of players who started using the app after the bug was published. At first glance, you might think that this paints a dire picture of how far we have to go to improve the security and privacy awareness of the general public. It actually paints a slightly better picture, and in a way demonstrates that the average end user inherently understands the basic infosecurity risk management process.

