Wednesday , June 19 2019
Home / taiwan / "Hero of Fortress" has a gap! Hackers can easily steal player information | Games | New Head Shell Newtalk

"Hero of Fortress" has a gap! Hackers can easily steal player information | Games | New Head Shell Newtalk



Security vendor

Checkpoint Security Officer today (30th) announced details of the vulnerability of the popular online game "Fortnet Hero" (Fortnite).

Check Point security provider today (30th) announced details of the vulnerability of Fortjte's popular survival online game, warning that all players in the game could become vulnerable.

Fortress Heroes has nearly 80 million players worldwide and is loved by all players, including Android, iOS, Microsoft Windows, and platforms such as Xbox One and PlayStation 4. In addition to amateur players, Fortress Hero is also the dear to professional players who play online games , and is very popular among e-sports enthusiasts. Once the vulnerability is exploited, an attacker can fully access a user account and personal information and, using a payment method to log in, purchases a virtual currency currency.

Additionally, this vulnerability may also violate privacy, as the attacker may watch the victim's interview during the game, and even sounds and conversations at home and other game devices. "Fortress Heroes" players have been deceived and tempted to sign up for bogus websites that promise to create a "V-Buck" game currency, and these new vulnerabilities can be hacked without the player having to provide any credentials. Use.

Check Point, the insurance provider, outlines how an attacker can take advantage of the vulnerability found during the Fortress Hero login process in order to obtain a user account. Researchers identified three security vulnerabilities in the Epic Games network infrastructure to understand how attackers can simultaneously use token-based authentication and single sign-on authentication, such as Facebook, Google, and Xbox (SSO), to steal access rights and user accounts.

Players who click on seemingly transparent phishing links from Epic Games and attackers will be attacked. By clicking on the link, an attacker can easily capture the identity of his fortress hero without entering the credentials. Check Point researchers point out that potential mistakes that occur in two Epic game domains that are threatened by dangerous redirection will result in the hacker being able to capture a legitimate user authentication token through the infected subdomain.

Oded Vanunu, head of Check Point's vulnerability research, said: "The Fortress Hero is one of the most popular games among online gamers that gives hackers the opportunity to invade privacy." In platforms used by DJI, vulnerabilities have been discovered to show that cloud applications are very prone to attacks and destruction, and these platforms have a large number of sensitive customer data and more and more hackers are being displayed, and the vulnerability of the account being stolen. "

Check Point has notified Epic Games of the existence of this vulnerability (now fixed). Check Point and Epic Games recommend that all users be exchanged with digital information and develop safe online habits to interact online with other wizards. Users should be suspicious of their legitimacy about the links they see on user forums and websites.


Source link