Augmented Reality games—where you wave a device around and the digital collides with reality— have been booming in popularity ever since Pokemon GO! rolled into mobile storefronts. However, many AR games haven’t really been designed with the possible consequences of real-world safety in mind. Take this hurricane howler, for example.
Even games that aren’t AR often include some sort of real-world activity. Black Watchmen is an Alternate Reality Game that involves solving puzzles both online and off, and depending on how much personal information you volunteer, you’ll gain access to more involved gameplay aspects.
At the absolute other end of the scale are games which (by accident or design) don’t include enough information ingame to explain how to achieve certain goals or tasks. In those cases, you’ll find a whole boatload of third-party tools, services, and community-driven sites that help keep the game fully functional from a “How do I do this?” perspective. Elite: Dangerous, for example , , . This could also bring risks in the shape of fake/malicious downloadable programs.
In all of this, the potential for people to abuse tools outside of the game itself is high. And that’s exactly what happened to players of Ingress, the AR sci-fi game about aliens and capturing portals. The game relies on lots of player data, including location, which is a big part of how it works. And despite the data being anonymous (and stacked alongside piles of other player information), there are limits.
Geolocation is a huge driver for the game, and when a third-party tool designed to prevent players spoofing location was put to use by cheaters, it resulted in players finding themselves blocked into their property by vehicles, notes left on their doorstep, and even players on the other team knowing the “victim” was going out of town on holiday.
Many AR games are dead in the water without geolocation, as without it you may as well be sitting at home. The challenge for developers is to ensure games where players are in competition aren’t abused and turned into weird cases of real-world harassment. For now, these (hopefully isolated) stalker cases will likely put some folks off taking the plunge into competitive AR titles, and that’s a shame.
At a time when games are becoming more sociable, it’s ironic that a tool designed to stop cheaters has ended up becoming another sneaky way to grief people both online and off. “Be mindful of the information you post online and reveal in games” doesn’t really help much when the culprit is data being scraped outside of your control. So unless the games you play can prevent this kind of activity, you may wish to simply leave some mobile titles on the shelf for the time being.
*** This is a Security Bloggers Network syndicated blog from Malwarebytes Labs authored by Christopher Boyd. Read the original post at: https://blog.malwarebytes.com/threat-analysis/social-engineering-threat-analysis/2017/11/augmented-reality-games-and-real-world-trolling/