Fortnite is a prime target for hackers, with a user base estimated at around 80 million, and a recent vulnerability nearly made that target easier to hit. Epic Games, the developer of the massively successful battle royale game, has patched a vulnerability that allowed hackers unmitigated access to user accounts. The most likely use of such access is the theft of virtual currency, but it could also be used to eavesdrop on player conversations, which could reveal a veritable treasure trove of information useful in further attacks.
The patch comes as a result of researchers at Check Point exploring various potential exploit points. After pinpointing the specific cause, a combination of cross-site scripting (XSS) and an insecure single sign-on (SSO) point, Check Point notified Epic Games of the issue. Initially, as noted in their report, the researchers thought they were dealing with a SQL injection vulnerability. After gaining some useful data from the sub-domain as a result of their SQL attacks, they went on to uncover the true nature of what they were dealing with.
Check Point describes their process of discovering the Fortnite vulnerability as follows:
As we proceeded with our research, we found that the sub-domain ‘http://ut2004stats.epicgames.com’ contained a web page called “maps.” We guessed that this web page is used for presenting tournament statistics sorted by map name/id. When you are on the lookout for XSS vulnerabilities, both reflected and/or stored ones, it is clear you should look for a reflection of your input in the page – and this is exactly what we found in the search component.
Indeed, another feature of this page is the search bar that would act as the injection point for the XSS vulnerability… With no assumption or theory to be ruled out, we took a closer look at the SSO and indeed found that Epic Games had written a generic SSO implementation to support several login providers… we soon found that it was possible to manipulate the redirect URL and direct the user to any web page within the “*.epicgames.com” domain.
With the ability to control the “redirectedUrl” parameter, Fortnite players could be sent to a phony Epic Games site that contained the XSS payload.
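The redirect weakness described above comes down to how the login service decides which post-login destinations it trusts. The following is an added example, not code from Check Point's report or from Epic Games: it contrasts a wildcard check that accepts any host under the parent domain with an exact-host allow-list. The allow-list entries, function names and sample URLs are assumptions made for illustration.

```javascript
// Assumed allow-list for illustration; not Epic Games' real configuration.
const EXACT_ALLOWED_HOSTS = new Set([
  "www.epicgames.com",
  "accounts.epicgames.com",
]);

// Weak policy matching the behaviour described above: every host under the
// parent domain is trusted, so one sub-domain with an XSS flaw is enough.
function wildcardPolicy(redirectUrl) {
  try {
    const host = new URL(redirectUrl).hostname;
    return host === "epicgames.com" || host.endsWith(".epicgames.com");
  } catch {
    return false; // relative or malformed input
  }
}

// Stricter policy: https only, exact host match, no userinfo, default port.
function strictPolicy(redirectUrl) {
  let u;
  try {
    u = new URL(redirectUrl);
  } catch {
    return false; // relative or malformed input is rejected outright
  }
  if (u.protocol !== "https:") return false;
  if (u.username !== "" || u.password !== "") return false;
  if (u.port !== "") return false;
  return EXACT_ALLOWED_HOSTS.has(u.hostname);
}

// Constructed sample inputs (not taken from any real traffic).
const SAMPLES = [
  "https://www.epicgames.com/fortnite/",        // intended destination
  "http://ut2004stats.epicgames.com/",          // legacy sub-domain named in the report
  "https://accounts.epicgames.com.example.net/", // look-alike suffix
  "https://www.epicgames.com@example.net/",     // userinfo trick
  "/account/home",                              // relative path
];

function evaluate(samples) {
  return samples.map((url) => ({
    url,
    wildcard: wildcardPolicy(url),
    strict: strictPolicy(url),
  }));
}

console.table(evaluate(SAMPLES));
```

Only the first sample passes both policies; the legacy sub-domain passes the wildcard check but fails the exact-host check, which is the gap the report describes.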
Epic Games was smart to take this alert from Check Point researchers and implement a patch for Fortnite as soon as possible. Given how easily researchers found the Fortnite vulnerability, it was only a matter of time before hackers did the same. Thanks to the due diligence of researchers, a potentially massive user account breach was avoided, which is good news for both Fortnite players and Epic Games’ profit margin.