![]() Over at Trail of Bits, the security team confirmed the presence of an "Uber" token that could have allowed low-level access to a user's account, but again it wasn't allowing anything malicious. Ari Rubenstein, a savvy programmer posting on Github, noted that even with some tweaking they couldn't force the app to grab emails. UPDATE: It seems that whilst the permissions granted to Niantic were extensive, it didn't actually take advantage of them. Success, it's clear, can be a dangerous thing. But it's come at a cost, with reports of criminals using the app's Pokéstop beacon, which attempts to connect users, to carry out robberies. Pokémon GO has become an instant hit, attracting more daily users than Twitter in a matter of days. ![]() Niantic hadn't responded to a request for comment at the time of publication. So right now, iPhone users have no option but to either risk their data or kill the app. ![]() But that feature is, inexplicably, not currently working. They could still enjoy the game, however, and sign up via the website. I don’t know how well they will guard this awesome new power they’ve granted themselves, and frankly I don’t trust them at all."Ĭoncerned users can do what Reeve did: revoke accounts and delete the app. "But I don’t know anything about Niantic’s security policies. This is probably just the result of epic carelessness," Reeve wrote. Keen eyed security pro Adam Reeve warned about the issue last week, noting that he didn't receive any warning about the permissions on download. "Now, I obviously don’t think Niantic are planning some global personal information heist.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |