Not only is Pokémon Go probably stealing all of your personal information and sending it to Russia, but the wide popularity of the game and all the permissions it asks for on your phone are creating big headaches for IT professionals. Because so many people use their personal devices to access work email and secure servers and such, the use of Pokémon Go is creating that many more windows of opportunity for potential hackers, as the Business Times tells us. Even though the game's creators insist that the game only requires users' email address and username, the fact that it wants to connect through a player's Google ID not to mention all the geo-locating data it has for every user could present many other problems when it comes to securing corporate networks.
Security firm Proofpoint has already produced their own report describing malware that's already been discovered in unauthorized Android versions of the game which were downloaded in countries where it had not yet been officially released. The malware allowed hackers to potentially hijack users' devices entirely, and it shows "that cybercriminals can take advantage of the popularity of applications like Pokemon GO to trick users into installing malware on their devices."
Tom Bain of security research firm the coincidentally named Ponemon Institute tells the Business Times that this is all pointing to the risks inherent in allowing employees to use personal devices for work purposes, and not providing them with dedicated work phones. "Attackers head where there is critical mass," Bain says. "Pokemon has reached that level to where we have barely begun to scratch the surface in terms of specifically designed attacks on users via malware or brute force." He adds, "Users will experience compromises, and remember, ransomware was originally designed to target mobile users before it was adopted to target larger devices like laptops."
So far we haven't heard of many companies issued outright bans on the game, however Seattle- and Chicago-based Boeing did alert its employees in a memo that Pokémon Go had been blacklisted.