
A team of researchers from Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading cybersecurity provider, shared details about vulnerabilities that could affect any player of the popular online battle game Fortnite, which is available on all gaming platforms, including Android, iOS, PC via Microsoft Windows, and consoles such as Xbox One and PlayStation 4.


According to the analysis carried out by Check Point, this vulnerability, if exploited, could give cybercriminals complete access to users’ accounts and personal information, as well as allow purchases of the game’s virtual currency using the victims’ credit card information. This vulnerability could also give rise to a serious invasion of privacy, as attackers would be able to listen in on conversations during the game as well as surrounding sounds, including the victims’ conversations with people in their homes or wherever else they happen to be. While Fortnite players have already been targeted by schemes aimed at getting them to log into fake websites that promised to generate the in-game currency, “V-Bucks”, these vulnerabilities could have been exploited without players sharing their login information.


How can this vulnerability be taken advantage of?

Check Point researchers described the procedure by which an attacker could gain access to users’ accounts through vulnerabilities discovered in the login process. Thanks to three security holes discovered in Epic Games’ web infrastructure, the research team was able to demonstrate how the token-based authentication process, used in conjunction with the Single Sign-On (SSO) systems of Facebook, Google and Xbox, could be abused to steal users’ login credentials and take over their accounts.


To fall victim to this attack, the player only has to click on a phishing link sent by the cybercriminal, which points to an Epic Games domain so that everything looks normal. Once the link is clicked, the Fortnite authentication token can be captured by the attacker, without the user having to type any of their credentials. According to Check Point’s researchers, flaws found in two Epic Games subdomains, which were susceptible to malicious redirection, allowed users’ legitimate authentication tokens to be intercepted by an attacker via a compromised subdomain.
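One defensive check relevant to the flow described above, as an added example that is not taken from Check Point’s analysis or Epic Games’ code: a login service that validates the post-login redirect target against an exact host allowlist instead of trusting every subdomain of its parent domain. The hostnames and function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed values: only hosts that genuinely need to receive a login token.
ALLOWED_REDIRECT_HOSTS = {"accounts.example-game.test", "www.example-game.test"}
PARENT_DOMAIN = "example-game.test"


def weak_is_allowed(redirect_url: str) -> bool:
    """Weak check: any subdomain of the parent domain is trusted.

    A forgotten or compromised subdomain passes, so a token attached to
    the redirect would be delivered to it.
    """
    host = urlsplit(redirect_url).hostname or ""
    return host == PARENT_DOMAIN or host.endswith("." + PARENT_DOMAIN)


def strict_is_allowed(redirect_url: str) -> bool:
    """Hardened check: https only, exact host match, no parser ambiguity."""
    # Browsers treat backslashes like slashes; reject them, along with
    # whitespace and control characters, before parsing.
    if "\\" in redirect_url or any(ord(c) < 0x21 for c in redirect_url):
        return False
    try:
        parts = urlsplit(redirect_url)
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed port or IPv6 literal
        return False
    if parts.scheme != "https" or host is None:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "trusted-host@other-host" style URLs
    if port not in (None, 443):
        return False
    return host in ALLOWED_REDIRECT_HOSTS


def compare(urls):
    """Return (url, weak_result, strict_result) for each candidate URL."""
    return [(u, weak_is_allowed(u), strict_is_allowed(u)) for u in urls]


if __name__ == "__main__":
    # Constructed sample redirect targets.
    for row in compare([
        "https://accounts.example-game.test/login/callback",
        "https://old-stats.example-game.test/page",  # unused subdomain
        "http://accounts.example-game.test/",        # downgraded scheme
    ]):
        print(row)
```
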


“Fortnite is one of the most popular games, played mostly by kids. These security breaches make room for a massive invasion of privacy,” says Oded Vanunu, Head of Products Vulnerability Research at Check Point. “Along with the newly discovered vulnerabilities in the platforms used by drone maker DJI, it showed how susceptible cloud applications are to cyber attacks and security breaches. These platforms are increasingly being targeted by hacker attacks, thanks to the large amount of sensitive information they store. Applying two-factor authentication can help mitigate the vulnerability that causes user accounts to be hacked.”

Advice on how to prevent online account theft

Check Point has alerted Epic Games to this vulnerability, which is now resolved. Check Point Software and Epic Games advise all users to remain vigilant whenever information is exchanged digitally, and to adopt safe security practices every time they connect with other users online. Users should always question the legitimacy of links provided on user sites and forums.


Organizations must be rigorous here and carry out regular checks of their IT infrastructure, so that websites and online access points are not left outdated or unused. Furthermore, it is good practice to review any site or subdomain that is still online but is no longer being used.

To minimize the risk of victims falling for attacks that exploit vulnerabilities like these, users should enable two-factor authentication. With it, a code is sent to the associated email account to confirm the login whenever users sign in from a new device. It is also important that parents alert their children to the dangers of cyber attacks, making it clear that attackers will do everything they can to gain access to personal and banking information, which may be contained in users’ online accounts.


A complete technical analysis of these vulnerabilities is available on the Check Point Research blog.
