There are around 200 million players into the popular Battle Royal game, Fortnite. The game has become the undisputed champion of global online gaming. The game has undergone a massive dominance and growth in the gaming industry. There is a new trend in online gaming because of Fortnite.
History suggests that the huge platforms have massive targets pointed towards them. The game deals with everyday digital security issues.
The history of Fortnite shows how much the developer focuses on the game for making it safer for the players. Some people also came up with scams in Google’s Android Play Store.
Fortnite: The destructive vulnerability
Now, a new research team from Check Point says that there are three other vulnerabilities in Fortnite. Check Point is an IT security firm.
According to Check Point, there are three types of vulnerabilities in the web infrastructure. These vulnerabilities will help a hacker to control people’s accounts in the game.
The researchers came up with the finding to Fortnite’s developer. The incident took place at the beginning of November. After this Epic Games immediately put a team to fix the bugs. The findings were very significant. These flaws were visible in the sign-on setup screen of the game.
Fortnite: How does this bug affect a user account?
With the flaw, anyone can log into many services with a single account. These schemes use a user’s Facebook account to connect to the app.
This functionality makes it easy to join the game. The only problem is that the functionality keeps track of the login credentials. It reduces the security demands of a company.
The singular sign-on service has the potential of becoming a point of failure. This will expose the account of the user exponentially.
The accounts are exposed to multiple platforms across the web. Oded Vanunu says that the applications generally speak with the third parties.
The third parties then transfer the data between different applications as well as many platforms.
The transfer doesn’t involve any restriction with only Epic Games. It is entirely the fault of Epic Game as they are making mistakes while implementing the authentication.
The modern-day cybercriminals and malicious hackers want access to multiple user accounts. Once an attacker gets into the game, they can travel to the server.
Then moving to the cloud becomes easy. With Fortnite people can log in with Google, Facebook, Xbox Live, PlayStation Network as well as Nintendo account.
Fortnite: The attacker and eavesdropping
The attackers can easily use the account. They can also purchase gifts as well as the in-game currency V-Bucks.
Fortnite doesn’t allow multiple sign-ins to a single account. Once the attacker is in the victim’s account, the victim won’t be able to log on. Check Point reveals in the report that a single bug has made this possible.
The bug allows that attacker to eavesdrop on in-game conversations. Check Point clarifies The Verge that this doesn’t indicate eavesdropping on the victim.
The attacker will have a chance to present themselves as the victim. They can also communicate with the player’s friends.
The vulnerability can also lead to producing a continuous attack flow. The developers can trace back the vulnerability which would lead to the flaws in Epic Games’ two subdomains.
This will allow a breach in legitimate gamer authentication tokens. And then a hacker can intercept the user account and take control.
Epic Games reveals that they have fixed the flaw. There is also a possibility that someone other than Check Point might have spotted the same flaw.
One of the spokespeople from Epic Games told WIRED that they are grateful to Check Point for bringing in this detail.
The developer encourages their players to protect their accounts. The players should always use a strong password to log in.
On the other hand, they must never re-use the password. The only thing people can do is wait and see. Players hope that Epic Games should solve this problem for good.
Source: The Verge, Forbes