In an effort to combat cheaters, hackers, API crackers and data miners ahead of Wizards Unite release, Niantic is hiring Security Engineers with experience in hardening game clients and corporate networks. Two new job listings have appeared on Niantic’s Careers page:
- Security Engineer (Client), offered in SF, LA and Sunnyvale (California), Seattle and Zurich
- Security Engineer (Operations), offered only in SF and Sunnyvale (California)
These job listings come as no surprise, as Niantic had huge problems with reverse engineering and API cracking in the early days of Pokemon GO – it was wild. In short, every part of the game’s code and the underlying networking protocol was a target for crackers. Niantic changed the networking protocol on a irregular basis, but the crackers would always find a way to exploit it and catch up with the latest change, resulting in a long cat-and-mouse game.
This seems to be changing dramatically, as Niantic is looking for experts in the field that can employ sophisticated solutions to prevent protocol abuse and discovery. The listing states the following requirements for a client-side security engineer:
- Multi-year experience in reverse engineering, obfuscation, signals detection (debugger, emulator, sandboxing, swizzle, hooking, fingerprinting, spoofing, MITM).
- iOS and / or Android kernel level experience.
- Proficient in the use of IDA Pro / Hopper and with ARM assembly (armv7 and arm64).
- In-depth experience working with state-of-the-art (Java, C++, C#, Bitcode) code protection platforms such as Metaforic, Vasco, Strong.Codes, and Proguard.
Although it may not be evident to the untrained eye, but by the looks of it, Niantic is building their a team that will try to data mine and reverse engineer their own games before they’re released. In other words, they’ll attack their own app and see what can be extracted in an effort to harden security and understand the vulnerabilities of the app itself.
Here’s a screenshot of one of the tools mentioned in the job listing (IDA, a state of the art disassembler and debugger):
We look forward to seeing what transpires from these job listings. Niantic has came a long way from Pokemon GO’s initial release and the increase in security measures should allow for a level playing field in Wizards Unite from day 1.
Do you know a security engineer interested in this job posting? Let them know!