Pokemon Go Hackers - Gotta Catch 'Em All

July 15, 2016, by Sebastian Holst

Pokefan Alert: augmented reality apps like Pokemon Go are rooted in the REAL WORLD (not a virtual one) – a real world with a host of very real dangers.

Pokemon Go players are walking into traffic, being lured into remote locations to be robbed, and last (but in no way least) they’re being duped into using counterfeit (tampered) Pokemon Go apps.

What’s the harm? The “Gucci” handbag I bought off the street doesn’t seem like much of a threat.

Given the central role of mobile devices in every aspect of our lives, counterfeit apps now pose as great a threat to public and personal safety as counterfeit medications or car parts. A mobile app with malware can take over your phone, your credentials, and your identity (way more toxic than a handbag with a fake fashion logo) – and, when the app is something as wildly popular as Pokemon Go, mobile apps are at least as lucrative a target for cut-throat criminals.

This is not a hypothetical: researchers at Proofpoint have already found hacked versions of Pokemon Go on Android – and there’s no reason to doubt that an all-out race is under way within the criminal hacker community to exploit the tremendous popularity of this (and any other) wildly popular app.

Consumers

It’s actually not too difficult to avoid counterfeits. Do not be tempted to sideload Pokemon Go directly from a download; do not be tempted to go to a secondary app marketplace (other than Google Play or the iStore) – even if you’re in a region where Pokemon Go hasn’t been officially released. It’s simply not worth it.

Development Groups

You cannot passively ignore the responsibility that comes with any success that may come your way – the more popular (or mission critical from a business perspective) your work becomes, the more attractive your code becomes to attackers. If Willie Sutton were alive today, he wouldn’t rob banks – he’d be a hacker “because that’s where the money is.”

Application security and risk management (being a part of the “real world”) are not much different from any other flavor of security and risk management – to be effective, security controls need to be proportionate, layered, and consistently applied.

For consumer apps like Pokemon Go (and line-of-business apps too) this means understanding how hackers attack and setting up material obstacles at every turn – impeding (if not deterring) exploits and (when attacks succeed, as they will from time to time) enhancing prosecution and punishment.

I have no personal knowledge of the precautions the authors of Pokemon Go have taken as a part of their development process – but let’s hope that they have implemented a layered approach designed to halt, delay, or at least discourage a would-be hacker at every step in their journey.

The following graphic outlines a typical Android hacker’s journey: the steps they are likely to take on one side, and on the other the traps and controls that can trip them up, such as Android obfuscation and anti-tamper technologies.

The Development Team’s Responsibility

Whether for selfish reasons (you don’t want to be the guys whose app screwed everything up), or ethical obligations (you know that you owe it to your user community), or legal risk (the courts are far from settling what kind of liability comes with deploying unsafe software ripe for exploitation) – there can be no doubt: app owners must bake effective risk management and security controls (DevSecOps) into every facet of their application’s lifecycle, from design through deployment and deprecation.

For more information on how to best manage application risk and secure intellectual property across mobile, on-premises and cloud-based development investments, contact solutions@preemptive.com or check out more information on DashO.
