Check Point Researchers Reveal Vulnerabilities That Could Have Affected Fortnite Players
Check Point Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has revealed vulnerabilities that would have let hackers gain access to the accounts, data and in-game currency of players of the online battle game Fortnite.
Fortnite is popular on all gaming platforms, including Android, iOS, PC via Microsoft Windows and consoles like Xbox One and PlayStation 4. The game has almost 80 million players worldwide, and professional gamers and e-sport enthusiasts play it alongside casual players.
If exploited, the vulnerability could give an attacker complete access to the user’s account and personal information, and enable them to purchase virtual in-game currency using the user’s payment card details. The vulnerability would also allow the attacker to listen to in-game chatter as well as surrounding sounds and conversations. In fact, these new vulnerabilities could have been exploited without the player handing over any login details.
The researchers at Check Point demonstrated how the token-based authentication process, deployed along with Single Sign-On (SSO) systems like Facebook, Google and Xbox, could be used to access the user’s login credentials and take control of their account. This was possible because of three vulnerabilities discovered in Epic Games’ web infrastructure. Once the player clicks on a phishing link from an Epic Games domain, his/her Fortnite authentication token could be collected by the attackers without the user entering any login credentials.
The vulnerability originated from flaws in two of Epic Games’ sub-domains that were susceptible to a malicious redirect, through which legitimate authentication tokens could be intercepted from the compromised sub-domain.
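The redirect weakness described above can be checked for on the defender's side. The following is an added example, not code from Check Point or Epic Games: it contrasts a policy that trusts any sub-domain of the brand with one that accepts only an exactly registered callback. The domain `game.example`, the callback path and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from the article.
BRAND_DOMAIN = "game.example"
ALLOWED_REDIRECTS = {("accounts.game.example", "/sso/callback")}

SAMPLES = [
    "https://accounts.game.example/sso/callback",    # registered endpoint
    "https://old-stats.game.example/redirect?to=x",  # forgotten sub-domain
    "http://accounts.game.example/sso/callback",     # cleartext scheme
    "https://accounts.game.example.evil.example/sso/callback",
]


def weak_is_allowed(redirect_url: str) -> bool:
    """Weak policy: any host under the brand domain may receive the token."""
    host = (urlsplit(redirect_url).hostname or "").lower()
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)


def strict_is_allowed(redirect_url: str) -> bool:
    """Strict policy: https, exact registered host and path, nothing extra."""
    # Reject backslashes, whitespace and control characters before parsing.
    if "\\" in redirect_url or any(ord(c) < 0x21 for c in redirect_url):
        return False
    try:
        parts = urlsplit(redirect_url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False
    if port not in (None, 443) or parts.query or parts.fragment:
        return False
    host = (parts.hostname or "").lower()
    return (host, parts.path) in ALLOWED_REDIRECTS


def audit(urls):
    """Return URLs the weak policy trusts but the strict one rejects."""
    return [u for u in urls if weak_is_allowed(u) and not strict_is_allowed(u)]


if __name__ == "__main__":
    for url in audit(SAMPLES):
        print("weak policy would deliver a token to:", url)
```

Every URL that `audit` returns is a destination that a sub-domain-wide trust rule would hand a token to, which is why an unused sub-domain left online widens the exposure.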
Oded Vanunu, Head of Products - Vulnerability Research, Check Point, says, “Fortnite is one of the most popular games played mainly by kids. These flaws provided the ability for a massive invasion of privacy.” He adds, “Together with the vulnerabilities we recently found in the platforms used by drone manufacturer DJI, show how susceptible cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of the huge amounts of sensitive customer data they hold. Enforcing two-factor authentication could mitigate this account takeover vulnerability.”
Check Point has notified Epic Games of the vulnerability, which has now been fixed. Both firms advise all users to remain vigilant when exchanging information digitally and to practice safe cyber habits. They also advise users to question the legitimacy of links to information displayed on user forums and websites, and to enable two-factor authentication, which requires them to enter a security code before logging into their accounts on new devices.
Organizations ought to execute thorough and regular hygiene checks on their IT infrastructure while reviewing any outdated and unused websites or sub-domains that are still present online. Parents must also create awareness among their children regarding the threat of online frauds and cyber criminals.