Windows 10 News and info | Forum
April 26, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Fortnite Android App Vulnerable to Man-in-the-Disk Attacks  (Read 113 times)
Hero Member
Offline Offline

Gender: Male
United States United States

Posts: 29943

I Do Windows

WWW Email
« on: August 26, 2018, 04:07:02 AM »

Google security researchers have revealed this week that the immensely popular Fortnite Android app is vulnerable to so-called man-in-the-disk (MitD) attacks.

This vulnerability allows low-privileged malicious apps already installed on a users' phone to hijack the Fortnite app's installation process and install other malicious apps that have a higher permissions level.

Epic Games, the Fortnite game developer, has released version 2.1.0 that patches this attack vector.

Fortnite app vulnerable to MitD

The concept of man-in-the-disk attacks has been recently detailed in more depth by security researchers from Israel-based cyber-security firm Check Point.

In a simplified explanation, MitD attacks are possible when an Android app stores data on External Storage mediums, outside its highly-secured Internal Storage space.

An attacker can watch a specific app's External Storage space and tamper with the data stored in this storage space because this space is shared by all apps.

The Fortnite app is vulnerable to this attack because the app does not contain the actual game, but is merely an installer. Once users install the app, this installer uses the device's External Storage space to download and install the actual game.

"Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified. This is easily done using a FileObserver. The Fortnite Installer will proceed to install the substituted (fake) APK," a Google researcher wrote in a bug report recently made public.

"If the fake APK has a targetSdkVersion of 22 or lower, it will be granted all permissions it requests at install-time. This vulnerability allows an app on the device to hijack the Fortnite Installer to instead install a fake APK with any permissions that would normally require user disclosure," the researcher added, while also sharing a demo video.

Epic Games dissatisfied with Google researchers

But the bug disclosure process came with a side dish of controversy. Epic Games CEO Tim Sweeney accused Google of pulling a PR stunt.

"We asked Google to hold the disclosure until the update was more widely installed. They refused, creating an unnecessary risk for Android users in order to score cheap PR points," Sweeney said on Twitter, referring to one of his engineers' request to Google to hold off from publishing for 90 days so Fortnite users could update their apps.

Google refused Epic Games' request and made the bug report public this week, a week after Epic Games released its patch, making many people believe this was payback after Epic Games pulled the Android app from the Play Store in order for the game developer to keep 100% of the games' profits.

The move was criticized by many security experts, who warned about possible security flaws that might go under the radar because the app wasn't scanned by Google's Bouncer service before reaching users' devices.

Google says most users have updated

But while a reason was not left in the original bug report, in a subsequent tweet, Sweeney revealed that Google engineers provided an explanation for their decision in private.

"Google did privately communicate something to the effect that they’re monitoring Fortnite installations on all Android devices(!) and felt that there weren’t many unpatched installs remaining," Sweeney said.

This week, Epic Games was also in the headlines for another security-related issue, but for a good reason. In a clever PR move, Epic Games decided to provide all players who turned on two-factor authentication (2FA) for their accounts with a "free dance" (in-game perk).


Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page March 23, 2019, 10:53:32 AM