Pokémon Go has stormed the app market and crashed through the military gates with force, and it appears to have globally transfixed more than 10 million people who have downloaded it since it launched July 7. The app is so popular that, by estimates, it will ‘zombify’ millions more who will be spending hours every day looking for invisible Pokémon on their mobile devices, whether at work or home.
On Monday, Security Battalion Marines reported kids wandering around housing at night with their heads glued to their phones. Kids will do that, but they are apparently so mesmerized by the game they may be wandering in the street and trespassing onto others’ property.
“In simple terms, Pokémon Go uses your phone’s GPS and clock to detect where and when you are in the game and make Pokémon “appear” around you (on your phone screen) so you can go and catch them. As you move around, different and more types of Pokémon will appear depending on where you are and what time it is. The idea is to encourage you to travel around the real world to catch Pokémon in the game. This combination of a game and the real world interacting is known as “augmented reality,” according to the Vox article, “Pokemon Go, explained.”
“Unfortunately, Pokémon aren’t real — at least not yet. But technology has evolved to be able to simulate a world in which Pokémon are real. That’s essentially what Pokémon Go attempts to do: By using your phone’s ability to track the time and your location, the game imitates what it would be like if Pokémon really were roaming around you at all times, ready to be caught and collected,” the article by German Lopez states.
On Tuesday, there was a Pokémon discovered on Lejeune Field, and another at the Quantico train station.
Cute? Not really.
According to Adam Reeve, on his blog site of the same name, there are profound security concerns with this app.
“Pokémon Go has full access to your Google account. When you grant full account access, the application can see and modify nearly all information in your Google Account. This “full account access” privilege should only be granted to applications you fully trust, and which are installed on your personal computer, phone, or tablet.
Pokémon Go (developed by Niantic) can now:
- Read all your email.
- Send email as you.
- Access all your Google drive documents (including deleting items).
- Look at your search history and your Maps navigation history.
- Access any private photos you may store in Google Photos…and a whole lot more.”
So, picture this: Marines in uniform wandering around the base during working hours, or not, completely unaware of their surroundings in real life (because it’s been replaced by a virtual life), searching for invisible creatures.
What! Excuse me?
Let’s take this one step further and even more seriously.
Imagine more than one Marine, say 10 Marines, heads down, all searching for a Pokémon which has been conjured by an algorithm near a secure facility that handles classified information.
It’s common knowledge that the cameras on smart phones can be hacked and pick up live streams from wherever phone cameras are pointed. So now all 10 Marines’ phones are collecting imagery.
Someone intent on exploiting secure facility vulnerabilities can now not only collect fresh imagery from these hacked sources, but can also see these physical vulnerabilities from 10 different aggregated angles.
Anyone else see a security concern here?
What about 10 different angles of the Quantico train station…how about 100 different angles?
What other scenarios can you imagine? Maybe the community children’s playground. Maybe the air station.
But wait, let’s complicate this further.
“When Boon Sheridan decided to convert an old church into his new home, he didn’t think he would end up fending off dozens of would-be Pokémon trainers. But that’s exactly what happened when Niantic, the augmented reality gaming company behind Pokémon Go, marked Sheridan’s home as a “gym” — one of the game’s hubs for training and battles, usually located at noteworthy buildings or landmarks. “Can’t wait to talk to my neighbors about it,” he wrote on Twitter, noting that the church had been decommissioned decades ago. “So, all these people pulling up at all hours? We don’t know them… and we can’t stop it,” according to Adi Robertson in The Verge article, “What can you do when Pokémon Go decides your house is a gym?”
“Sheridan’s case is a perfect example of how digital overlays are increasingly affecting our physical spaces. There’s something invasive-feeling about a company that was once owned by Google casually directing its millions of users to go knock on someone’s door, even if only a small set of them ever make it there. And Pokémon Go isn’t the first location-based service to cause real-world annoyance. Traffic app Waze has irked homeowners who find their once-quiet streets crowded with drivers. For example, an IP mapping glitch once turned a Kansas farmhouse into ground zero for angry internet users,” Robertson states.
Perhaps funny to some, but Headquarters Marine Corps and the Pentagon are reported to now be Pokémon Gyms; so is the White House … perhaps not so funny after all.
Cyberwarfare is underway. Battles the general public knows nothing about are being waged.
Could the aggregated data Pokémon Go collects give an adversary an advantage in both real and virtual spaces?
Perhaps a word to Marines who have already been entranced by Pokémon Go: You will be better prepared to locate, close with and destroy an enemy by fire and close combat when the bullets are real if you hit the Barber Physical Fitness Center rather than locate and close with invisible creatures in an imaginary world.
But then again, it may not be long before the Barber facility is a Pokémon Gym.
Keep your heads up, not down, and focus on security.
By Chuck Jenks, Public Affairs Officer, MCINCR-MCB Quantico