Our partners at the cybersecurity firm SentinelOne have shared the below blog post on recent security problems with Pokémon GO. Remember to ensure your devices are secure from all threats, including those hidden within apps.
The past week has evoked an unfamiliar sight in many of the country’s public areas: hundreds of young adults—heads down, eyes glued to their phones—wandering through public parks in search of Pokémon. In many ways, Pokémon GO represents a seismic societal shift. No other game has captured the potential of augmented reality in a way that has so thoroughly seized the public imagination. By the same token, another seismic shift has opened up—a whole lot of people are suddenly getting an unpleasant education on the dangers of mobile malware, account privacy exposure, and GPS hacking.
Dangers of Counterfeit Applications
Full disclosure, SentinelOne has general availability products for servers and endpoints—the mobile product is in beta. But let’s focus on mobile malware for a moment. There’s an excellent chance that an attacker could leverage an infected mobile device to go after an enterprise’s other infrastructure, especially with the Pokémon GO malware that’s been discovered in the wild.
This malware takes the form of a bootleg Pokémon GO app. The lure is pretty simple—Pokémon GO is mega-popular, but it hasn’t come out in every country on earth yet. People in non-Pokémon-infected countries are tempted to download these bootleg apps in order to enjoy the game before its official launch. In at least one instance, however, an illicit app, packaged as an Android .APK file and available through a phone’s browser, contained a remote access trojan. Any users of this app would have caught a RAT well before they found their first Rattata.
Fortunately, it doesn’t appear that the embedded malware is currently active, so no one who downloaded that particular app has anything to worry about. Had the malware been active, users would have found that the app gained far more permissions than the genuine version usually receives. This includes the ability to change Wi-Fi and network connections, read a user’s web activity, and control app usage. Not only would this be more than enough control to grab any confidential or compromising information on a user’s phone, it would provide an excellent platform for malicious actors to launch an assault on an enterprise network.
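The permission creep described above is something a defender can check mechanically. As an added example (not code from the original post or from SentinelOne), the script below diffs the `<uses-permission>` entries of two constructed AndroidManifest.xml files, a baseline for the genuine build and a bootleg build, and flags the extras that a location-based game has no reason to request. Both manifests and the high-risk list are assumptions of this example.

```python
"""Compare the permissions two Android APK manifests request, so that a
bootleg build asking for far more than the genuine app stands out."""
import xml.etree.ElementTree as ET

# ElementTree exposes namespaced attributes in Clark notation: {uri}local.
ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Constructed baseline: what a location-based AR game plausibly needs.
GENUINE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

# Constructed bootleg: same base set plus the kind of control the post
# describes (network changes, browsing history, visibility of running apps).
BOOTLEG_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
  <uses-permission android:name="com.android.browser.permission.READ_HISTORY_BOOKMARKS"/>
  <uses-permission android:name="android.permission.GET_TASKS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

# Permissions a game of this kind has no business holding (an assumption of
# this example, not an official Android classification).
HIGH_RISK = {
    "android.permission.CHANGE_WIFI_STATE",
    "android.permission.CHANGE_NETWORK_STATE",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
    "android.permission.GET_TASKS",
}

def permissions(manifest_xml):
    """Return the set of permission names a manifest requests."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NAME) for el in root.iter("uses-permission")}

def excess_permissions(baseline_xml, candidate_xml):
    """Return (extra, high_risk): candidate's permissions beyond the baseline,
    and the subset of those that appear on the high-risk list."""
    extra = permissions(candidate_xml) - permissions(baseline_xml)
    return sorted(extra), sorted(extra & HIGH_RISK)

if __name__ == "__main__":
    extra, risky = excess_permissions(GENUINE_MANIFEST, BOOTLEG_MANIFEST)
    print("extra permissions:", extra)
    print("high-risk extras :", risky)
```

In practice the baseline would come from the manifest of the store-signed build (extracted with `aapt` or `apktool`), and any candidate whose extras intersect the high-risk set should be blocked from enrolment on managed devices.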
Privacy Conundrums, I Choose You!
In addition to having some dodgy imitators, Pokémon GO isn’t without problems that are inherent to the app itself. Again, this is a case of app permissions run amok. Instead of just using the Google Maps API, the app originally gained “full access” to a user’s Google Account.
What does full access mean in this context? Full access gives Pokémon GO a token that can be exchanged for uberauth, a sort of super-token that gives its bearer full access (view, write, create, delete, and edit permissions) to Gmail, Google Calendar, Google Docs, and all other connected Google accounts.
Obviously, this is a huge deal. A hacker who compromised Niantic (the Pokémon GO creators) could potentially have access to a whole bunch of PII stored in that user’s Google Drive. Failing that, they could implant malware into a Google Drive in what’s known as a “Man In The Cloud” attack, infecting any endpoints that synced with that particular cloud storage.
Pokémon GO Threats from Every Direction
Although Niantic quickly patched Pokémon GO in order to fix these erroneous permissions, the door is now open. The augmented reality revolution is now upon us, and there is going to be a deluge of “me too” games which capitalize on a similar premise. A lot of these “me too” games might contain risky code. Let’s not forget the “XcodeGhost” attacks from last year. Worse yet, it’s likely that several of these applications won’t be as considerate as Niantic when determining which permissions are appropriate for a game of this nature.
IT admins might quickly discover that their users’ phones and tablets have turned into vectors for malware that goes on to infect endpoints and servers. Fortunately, SentinelOne can help. To learn more about how SentinelOne’s dynamic behavioral detection can help deflect attacks from even the most unexpected directions, check out our white paper on “The 4-Minute Guide to Enterprise Security Threats.”