Sunday , October 20 2019
Home / taiwan / "The Hero of the Fortress" has a hole! Hackers can easily steal player data

"The Hero of the Fortress" has a hole! Hackers can easily steal player data



Security vendor

The Check Point security provider has released today (30th) details of the vulnerability of the popular online survival game "Fortnet Hero" (Fortnite).

Security Check Point has announced today (30th) details of the vulnerability of popular online action Survivor Forttite game, warning that all players in the game may become victims of vulnerability.

Fortune Heroes has nearly 80 million players around the world and is fond of all players including Android, iOS, Microsoft Windows PCs and platforms such as Xbox One and PlayStation 4. With amateur players, Fortress Hero is also a favorite of professional online gaming players , and is very popular among e-sports fans. Once the vulnerability is exploited, the attacker can fully obtain his or her account and personal information and use the payment method that applies for the purchase of a virtual game currency.

In addition, vulnerability can also lead to privacy breaches, because the attacker can eavesdrop conversations during the conversation, even the sounds and conversations around the home or other play area. Fortress Heroes have previously been deceived and begged them to sign up for fake web sites that promise to generate a "V-Buck" currency of the game, and these new vulnerabilities can be hacked without the player having to provide details of the login. use.

Check Point, the insurance provider, describes how an attacker can use the vulnerability discovered during the Fortress Hero login process to get an account. Researchers have identified three vulnerabilities in Epic Games' online infrastructure to understand how attackers can simultaneously use authentication-based and single-sign authentication methods, such as Facebook, Google, and Xbox (SSO) system to steal user credentials and accounts.

Players who click on seemingly transparent phishing links from the Epic Games domain and attackers will be attacked. By clicking on the link, the attacker can easily capture the identification mark of his Fortress hero even without entering the login credentials. Research Pointers point out that potential vulnerabilities found in two sub-domains that are susceptible to malicious redirection will result in the hacker being able to intercept a legitimate user authentication token through an attacked subdomain.

Oded Vanunu, the leader of the vulnerability research at Check Point, said: "Hero of Fortress is one of the most popular games among online gamers, and these hackers give hackers the opportunity to attack privacy." We're still in the drone drummer manufacturer, vulnerabilities are detected in platforms that uses DJIs, showing that cloud applications are very vulnerable to attacks and destruction. These platforms have a large amount of sensitive client information and are being screened by more and more hackers. The vulnerability in which the stolen account is stolen. "

Check Point has informed Epic Games about the existence of vulnerabilities (now fixed). Check Point and Epic Games recommend that all users be careful about exchanging digital information and developing secure internet habits interacting with others. Users should be suspicious of their legitimacy regarding the links they see on forums and user sites.


Source link