Why Pokémon Go is a low cybersecurity risk, for now

Monday, August 1, 2016

Article edited from source - read the full story at news.ucsb.edu.

It’s reality and fantasy rolled into one: You’re walking down the street, looking at your smartphone, and suddenly you come face to screen with a little monster. It’s cute — it looks like a turtle, or a mouse or a fox.

Tapping your phone screen, you throw tiny balls at the creature until you strike and capture it. Voila, you now have a virtual pet you can train and send on missions. Or you can join teams, evolve your creature, collect items and fight for the prestige of your gym.

And all you really need are comfortable shoes and a smartphone with a lot of juice.

This is the world of Pokémon Go, the wildly popular augmented reality mobile game by San Francisco-based software developer Niantic, based on characters created by the gaming software company Nintendo.

Meanwhile, the viral popularity of the free-to-play game has raised concerns about cybersecurity. Players must provide location and, in some cases, personal information (when signing in through a Google account, for example), which creates the very real potential for leaked information. What’s more, hackers seeking to cash in on the phenomenon have created fake companion apps or launched an attack on the servers.

“The minute it became so popular our concern was that if there was a social component, if there was a way to see where your friends are, then it’s entirely possible for someone to spoof devices and apps, get into the system, and at a large scale, pull down data about where users are,” said UCSB computer science professor Ben Zhao, who studies systems, algorithms, networking and data. Zhao, along with his students, recently proved that the popular community-based navigation app Waze was vulnerable to hacking by creating fake accounts to intercept information between Waze users.

But Pokémon Go itself presents little risk of information leaks, according to Zhao. The game’s social component exists in the real world, with teams of friends, and not in players’ phones. “What’s interesting about Pokémon Go is that every single user, at least as it is right now, is completely isolated in their own world in almost every aspect of the game,” Zhao said. Save for the gym battles, which are fought between teams, as opposed to individual users, players have no contact with each other, and therefore create no opportunities for attackers.

This makes Pokémon Go quite different from the more typical online games in which multiple players are isolated in the real world and their characters interact in the virtual world either in teams or pitted against each other, such as in the popular games EverQuest or World of Warcraft. “It’s strange for the reverse to happen, which is that you’re physically walking around outside of the building together as a group of people and yet inside the game you don’t see each other at all,” Zhao said.

However, that is likely to change, added Zhao, who focuses his research on systems with enormous sets of data, such as social networks. An online game may at first attract huge numbers of players, but anyone who has played a popular online game knows that after a certain period of time interest will drop off, either because the play gets too difficult, or becomes redundant. To maintain interest, the game’s publishers must add new features, and a particularly powerful one is the online social component.

“The thing about the social aspect of things is that it’s sticky,” Zhao said. “A lot of people stay on Facebook because everybody else you know is on it and they all talk there and if you’re not there you miss out. So there’s fear of missing out. In games it’s the same thing.”

Already players have been clamoring for the ability to trade Pokémon with friends, or battle it out with other players. This, in turn, could open up problems with information leakage as hackers spoof devices that lure players into interacting with malicious scripts.

Still, there are ways of protecting user privacy, Zhao noted. One would be to limit online interactions to an exclusive list of friends with whom a player will share their information. A virtual Pokémon free-for-all may be more fun, he said, but that may lead to far more issues than Niantic’s already overtaxed servers could handle.
