A popular gaming platform used by hundreds of millions of people worldwide has been found vulnerable to multiple security flaws that could have allowed remote hackers to take over players’ accounts and steal sensitive data.
The vulnerabilities in question reside in the “Origin” digital distribution platform developed by Electronic Arts (EA), the world’s second-largest gaming company with over 300 million users, which allows users to purchase and play some of the most popular video games, including Battlefield, Apex Legends, Madden NFL, and FIFA.
The Origin platform also manages users’ EA Games account authentication and allows them to find friends, join games, and manage their profiles.
Discovered by researchers at Check Point and CyberInt, the vulnerabilities, when chained together, could have allowed attackers to hijack a gamer’s EA account just by convincing them to open an official webpage from the EA Games website.
To perform this attack, as shown in the video demonstration, researchers took advantage of a long-known unpatched weakness in Microsoft’s Azure cloud service that allowed them to take over one of the EA subdomains, which was previously registered with Azure to host one of Origin’s services.
As explained in a previous report, if the DNS (CNAME) record of a domain/subdomain points to the Azure cloud platform but has not been configured or linked to an active Azure account, any other Azure user can hijack it to park that subdomain on his/her Azure server.
“During Cyber Int’s research, though, [it] found that the ea-invite-reg.azurewebsites.net service was not in use anymore within Azure cloud services; however, the unique subdomain eaplayinvite.ea.com still redirected to it using the CNAME configuration,” CheckPoint researchers said in a report published today.
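The dangling-CNAME condition described above can be audited from a zone export. The following is an added example, not code from the researchers or EA: it flags CNAME records that point at a shared cloud hosting suffix whose target no longer resolves. The zone contents, the `example.com` names, the injectable `resolves` function, and every suffix other than `azurewebsites.net` are assumptions made for illustration.

```python
"""Audit a DNS zone export for dangling CNAMEs to cloud hosting suffixes."""
import socket

# Shared hosting suffixes where a released name can be registered by any tenant.
# azurewebsites.net comes from the article; the other two are assumptions.
CLAIMABLE_SUFFIXES = (".azurewebsites.net", ".cloudapp.net", ".trafficmanager.net")

def system_resolves(hostname):
    """Default resolver: True if the CNAME target currently has an address."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME line in a BIND-style zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if "CNAME" in fields:
            idx = fields.index("CNAME")
            if idx >= 1 and idx + 1 < len(fields):
                yield fields[0].rstrip(".").lower(), fields[idx + 1].rstrip(".").lower()

def find_dangling(zone_text, resolves=system_resolves):
    """Return CNAMEs pointing at a claimable suffix whose target does not resolve."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        if target.endswith(CLAIMABLE_SUFFIXES) and not resolves(target):
            findings.append((owner, target))
    return findings

# Constructed zone export; all names are placeholders.
SAMPLE_ZONE = """\
invite.example.com.   300 IN CNAME old-invite-app.azurewebsites.net.  ; service retired
shop.example.com.     300 IN CNAME shop-prod.azurewebsites.net.
www.example.com.      300 IN CNAME cdn.example.net.
mail.example.com.     300 IN A     192.0.2.10
"""
# Constructed stand-in for live DNS so the sample runs offline.
LIVE_TARGETS = {"shop-prod.azurewebsites.net", "cdn.example.net"}

if __name__ == "__main__":
    for owner, target in find_dangling(SAMPLE_ZONE, resolves=LIVE_TARGETS.__contains__):
        print(f"DANGLING: {owner} -> {target} (remove the record or reclaim the name)")
```

A target that still resolves may already have been claimed by another tenant, so the findings should also be reconciled against the organization's own cloud resource inventory.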
In their proof-of-concept attack, researchers hijacked “eaplayinvite.ea.com” and hosted a script on it that exploited weaknesses in EA Games’ OAuth single sign-on (SSO) and TRUST mechanism.
The webpage eventually allowed the researchers to capture players’ secret SSO tokens just by convincing them to visit it in the same web browser where they already had an active session on the EA website, and to take over their accounts without requiring actual credentials.
“The TRUST mechanism exists between ea.com and origin.com domains and their subdomains. Successfully abusing the mechanism enabled our research team to manipulate the OAuth protocol implementation for full account takeover exploitation,” researchers explained.
In a worst-case scenario, CheckPoint researchers said an attacker could have exploited these flaws to cause potential damage like gaining access to players’ bank card information with the ability to fraudulently purchase in-game currency on behalf of the players.
CyberInt and Check Point immediately reported their findings to EA Games and helped the company fix the security loopholes to protect their gaming customers. The security firm went public with its findings today, nearly three months after EA addressed the issues.