Pokemon Go security flaw enables hacker to take over gyms in London and New York using eggs
Reddit users say some gyms in London and NYC are guarded by eggs with zero combat powers.
Pokémon Go fans in New York City are reporting that hackers have somehow exploited a vulnerability in the Niantic Labs' mobile game that is enabling them to take over geolocated gyms with eggs, when it should not be possible to do so.
On Sunday (15 August), Reddit user tunneyb started a thread in the Pokémon Go section of the social bookmarking site, complaining that lots of New York City Pokémon gyms were not working and requested Niantic to remove them.
tunneyb took a screenshot showing that the Pokémon gym located at the Josephine Shaw Lowell Memorial Fountain in Byant Park, Manhattan had been affected by the glitch and taken over by an egg with zero combat power, meaning that Pokémon Go players in the area were unable to battle it, since it was an egg, not a Pokémon.
Other users also chimed in, claiming that the same hacker had also hijacked the Pokémon gyms located at the Tao Uptown Asian fusion restaurant at 58<sup>th and Madison; the New York Times Building in midtown Manhattan; the New York City Post Office; Madison Square Garden; Time Square and even the Nikola Tesla Plaque at Hotel New Yorker.
The same hacker also had two gyms in London, UK – namely the Buckingham Palace gym and the gym at Big Ben.
"I can't imagine people that are doing this actually like the game. Exploiting this kind of thing only makes it a high priority bug for Niantic, which means they have to divert the programmers to fixing it instead of giving us new features," wrote Reddit user RuponyKenshin.
"At the rate we're going we're not going to get any actual changes to the game for another six months, because all they're doing is putting out the fires."
How the game is supposed to work
In the game, augmented reality (AR) and real-world location data enables users to explore their surroundings and capture Pokémon, mysterious animal-like cartoon creatures with special powers.
Markers listed on an augmented reality map of the users' surroundings shows special locations like "PokéStops", where players can find in-game loot like food, potions, eggs and Pokéballs, or gyms, where users battle against Pokémon trainers from opposing teams in order to capture the gym for their side.
The way eggs are supposed to work is that the user collects them from a PokéStop, places the egg in an incubator, and then walks a specific distance, such as 2km, 5km or 10km with the app on in order to track the user's steps.
When the user has walked the required distance, the app then triggers the egg to hatch, and a random Pokémon will pop out of the egg. The objective is to enable players to get a chance to hatch a rare Pokémon, and that is literally all the eggs are meant to do.
What to do if you spot an egg guarding a gym
Hacking a gym in Pokémon Go literally has no monetary benefit and only serves as a way to irritate and frustrate other players in the game. There is also no means of getting rid of the hacker unless Niantic Labs patches the vulnerability and bans the user from the game completely, although the hacker could easily register a new account using another Google account.
IBTimes UK has reported the issue to Niantic Labs and is waiting for a response.
In the meantime, users are advised to go to Settings in the Pokémon Go app and select the option "Report High-Priority Issue", or click here to access Niantic Labs' support website. Once on the website, click "Submit a Request" and then select "Report an issue with a Gym or PokéStop", where you can fill in a web form and attach a screenshot of the egg taking over the gym.
© Copyright IBTimes 2024. All rights reserved.