An Interest In:
Web News this Week
- March 23, 2024
- March 22, 2024
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
August 25, 2018 02:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/St4Owit5_uc/epics-first-fortnite-installer-allowed-hackers-to-covertly-download-and-install-anything-o
Epic's First Fortnite Installer Allowed Hackers To Covertly Download and Install Anything on Users' Android Phones, Google Researchers Say
Epic decided to ditch Google Play Store for its sleeper hit Fortnite. By doing so, while Epic may have saved some money that it would have had to split with Google, it also ran into an issue that it could have avoided had it not parted ways with Google. AndroidCentral reports: Google has just publicly disclosed that it discovered an extremely serious vulnerability in Epic's first Fortnite installer for Android that allowed any app on your phone to download and install anything in the background, including apps with full permissions granted, without the user's knowledge. Google's security team first disclosed the vulnerability privately to Epic Games on August 15, and has since released the information publicly following confirmation from Epic that the vulnerability was patched. [...] When you go to download "Fortnite" you don't actually download the whole game, you download the Fortnite Installer first. The Fortnite Installer is a simple app that you download and install, which then subsequently downloads the full Fortnite game directly from Epic. The problem, as Google's security team discovered, was that the Fortnite Installer was very easily exploitable to hijack the request to download Fortnite from Epic and instead download anything when you tap the button to download the game. It's what's known as a "man-in-the-disk" attack.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/St4Owit5_uc/epics-first-fortnite-installer-allowed-hackers-to-covertly-download-and-install-anything-o
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot