Fortnite's Vulnerability: Only the Secure Survive

Fortnite's Vulnerability: Only the Secure SurviveFor the last two hundred years, Darwin’s ‘Survival of the Fittest’ theory of natural selection has shaped our view of man’s existence on earth. In the last couple of years, though, Fortnite, the massively popular online game played by millions worldwide, has taken this concept of survival to a whole new level.

Played in a virtual world, players of Fortnite are tasked with testing their endurance as they battle other online players for tools and weapons that will keep them secure and the ‘last man standing’. In the last few weeks, however, Check Point Research discovered security vulnerabilities in the game’s login process that could have allowed a threat actor to take over the account of any user, view their personal account information, purchase virtual in-game currency and eavesdrop on in-game chatter as well as home conversations.

Previous Fortnite Hacks created by Epic Games, an American video game developer, Fortnite is the game played by nearly 80 million people worldwide and is responsible for almost half of their $5bn-$8bn estimated company value. With such a meteoric rise in fortune, it is no surprise the popular game has already attracted the attention of cyber criminals set on conning unsuspecting players.

These scams previously took the role of deceiving players into logging into fake websites that promised to generate Fortnite’s ‘V-Buck’ in-game currency, a commodity that can usually only be acquired through the official Fortnite store or by earning them in the game itself. These sites promote players to enter their login credentials, as well as personal information like name, address and credit card details (usually of the player’s parents) and are spread via social media campaigns that claim players can “earn easy cash” and “make quick money”.

Our team’s research, however, relied on a far more sophisticated and sinister method, that did not require the user to hand over any login details whatsoever. Instead, it took advantage of Epic Games’ use of authentication tokens in conjunction with Single Sign-On (SSO) providers such as Facebook, Google, X-Box and others that are built in to Fortnite’s user login process....

Comments

Popular posts from this blog

N Chandrasekaran appointed chairman of Tata Sons

Visa buys NFT based CryptoPunk and paid $150,000 in Etherium

Prizm Payment Services changes its name to Hitachi Payment Services