subscribe: Daily Newsletter

 

Dangers in unsecured Pokemon downloads

0 comments

South Africans who don’t want to wait any longer to download Pokémon Go from their official app store may be searching for ways to get the game onto their devices, and many may have succeeded via third party sites.
But, Securicom, a managed IT security services vendor, warns against it.
“Pokémon Go has been released in a few territories around the world, not including South Africa, yet,” says Securicom’s Michael Morton. “But there are ways to get the game onto devices and there are some big, trusted news and technology sites which are telling people how to do it. In all cases, getting Pokémon Go onto your device, as a South African, requires using un-trusted sites.
“Most of these sites will need you to allow your device to accept installations from ‘untrusted sources’. The mere reference to ‘untrusted’ should serve as a warning but when you want something on your device it’s probably not enough to deter you. People make use of sites like these if a certain application they are looking for is not available in their region,” he adds.
Since the release of Pokémon GO, traffic on APK Mirror, a site where APK (Android Application Package) can be downloaded, has increased by 597%, from just over 600 000 visits on 5 July to over 4-million visits on 6 July.
But Morton stresses that there are reasons for official app stores. Importantly, these stores review and check all apps to ensure that they are not harmful before they get loaded there. The Google Play Store, for instance, helps protect devices by blocking potentially harmful apps.
“Trusted app stores ensure measures are put in place to protect your device from malicious applications,” says Morton. “When downloading from untrusted sources, and enabling your device to allow this, you are potentially opening up your device to all kinds of threats in the cyber world. For example, an infected Android version of the newly released mobile game Pokémon GO has been discovered is a malicious file repository service.
“A version of the APK was modified to include the malicious remote access tool (RAT) called DroidJack which allows hackers to take control of a mobile device without the user even noticing it. With this tool they can open and install applications, install key loggers, read private messages and emails, and with the help of Google public API, see exactly where the individual is located. Clearly this is not something that you want living on your phone.
“Now, before you go ahead and hang up your Pokemon trainer cap, this APK has not yet been seen in the wild yet. However, it does provide evidence of a working prototype, providing hackers an easy entry to users mobile devices if the required security measures are by-bassed,” warns Morton.
He offers a few tips for users help make their mobile experiences more secure:
* Make sure your OS is up to date with the latest version or patch release. Google and Apple release new versions of their OS to address current vulnerabilities that exist.
* Download your applications from reputable sites that you OS provider recommends. Downloading untrusted applications or applications from a third party store might introduce malicious code on your device that compromises your device security.
* Install a mobile security application. There are many forms of free Anti-virus applications on the App store. These applications will scan your device and applications and report on any malicious or suspect behaviour.
* Use a personal firewall. This will be the same as a firewall sitting at your office. You can use the firewall to disable all ports on your device, only opening the ones you know are being used.
* Ensure you have the latest version of an application on your device. With each new version of an application certain features, both security and interface, are addressed and updated.