In addition to hemorrhaging personal data, a new Pokemon game could allow hackers to assume complete control of a user’s smartphone, according to a former Pentagon intelligence official.
The assessment came from Tyler Cohen Wood, a former senior intelligence officer at the Pentagon’s Defense Intelligence Agency, speaking in reference to the popular “Pokemon Go” game released this month by developer Niantic. Cohen said the data collected by the game represents a gold mine for hackers, and that the nearly complete device access demanded by the game poses a sizable risk to users.
“Personal information such as name, address, phone number, contact list and browsing history” is all at risk, said Cohen, who now works as a cybersecurity advisor at Inspired eLearning. “They have access to your camera, photos and GPS history. This data is accessible to Niantic even when ‘Pokemon Go’ is not actively being used.”
The game attracted congressional attention last week over those privacy and security concerns, which have grown since its July 6 release. In a letter to Niantic CEO John Hanke, Democratic Sen. Al Franken of Minnesota requested that the company provide more information about the type of data it collects and how it handles the information.
Cohen said the problems were greater than any described to date. “Hackers … could even be able to take over control of a user’s device entirely,” Cohen said, surreptitiously gaining access to the full range of features on a device, including its camera and audio input.
Related Story: http://www.washingtonexaminer.com/article/2596482
She added that the game, which users commonly sign up for using a Google account, also could siphon information from email accounts. “Earlier releases included full access to your Google account, meaning Niantic could read and delete email contained in your Gmail account and documents stored in Google Drive,” Cohen said.
“It’s also important to note that Niantic’s terms of service policy states that they may share the data they collect with third parties who are not required to abide by Niantic’s terms of service,” she added.
Franken is asking the company to explain “exactly which features and capabilities” it needs to access to enable “provision of services” by Aug. 6. Within six days of the game’s release, he noted, it had about 7.5 million users, with its geographic expansion being delayed by the unexpected rate of growth.
