Saturday , October 19 2019
Home / taiwan / "The Fortress Hero" has a hole! Hackers can easily steal information for players Games | New Shell Newtalk Shell

"The Fortress Hero" has a hole! Hackers can easily steal information for players Games | New Shell Newtalk Shell



The security vendor

The security vendor Check Point today (30th) announced the vulnerability details of the popular Fortnet Hero online survival game.

The security vendor Check Point today announced (30th) the vulnerability details of the popular Forttite online survival game, warning that all players in the game could become victims of vulnerability.

Heroes of Fortune have about 80 million players around the world and are loved by all gamers, including Android, iOS, Microsoft Windows computers and platforms such as Xbox One and PlayStation 4. In addition to amateur players, Fortress Hero is also, pet of professional players to play online games, and is very popular among e-sport enthusiasts. Once the vulnerability has been exploited, the attacker can fully obtain the user account and personal information and use the payment method for which they are logged in to buy the virtual game currency.

In addition, vulnerability can also lead to privacy violations, as an attacker can eavesdrop on the victim's conversation during the game, even the sounds and conversations around the home or other games. Players of "hard-core heroes" were previously deceived and seduced to log in to fake websites that promise to generate a V-Buck currency, and these new vulnerabilities can be broken without the player having to provide any login information. Use.

Check Point, an insurance vendor, states that an attacker can use the vulnerability detected during the "Fortress Fortress" login process to get a user account. The researchers identified three vulnerabilities in the network infrastructure of Epic Games to understand how attackers can simultaneously use token-based authentication processes, and a single sign, such as Facebook, Google and the Xbox (The SSO System) steals user credentials and accounts.

Players who click on seemingly transparent phishing links in the domain of epic games and attackers will be attacked. By clicking on the link, an attacker can easily capture the identity of his Hero on the fort, even without entering into any authority to log in. Check Point researchers say the potential vulnerabilities found in both Epic Games subdomains that are vulnerable to malicious redirects will result in the hacker being able to intercept the legitimate user authentication token through an attacked subdomain.

Odd Vanunu, Head of the Check Point vulnerability research, said: "Fortress Hero is one of the most popular games for online gamers. These disadvantages give hackers the ability to attack privacy. Vulnerability has been revealed in platforms used by DJI, showing that cloud applications are highly vulnerable to attack and destruction. These platforms have a large amount of sensitive customer data and are seeing more and more hackers. Implementation of two identification factors can help alleviate First. A vulnerability in which account was stolen. "

Check Point reported Epic Games about the existence of vulnerability (now fixed). Check Point and Epic Games recommend that all users be careful when exchanging digital information and developing secure online habits when communicating online with others. Users should be suspicious of their legitimacy regarding the links they see on user forums and websites.


Source link