قالب وردپرس درنا توس
Home / Technology / Just as the critics feared, Fortnite came for Android with an epic security risk

Just as the critics feared, Fortnite came for Android with an epic security risk



  Samsung Galaxy Note 9 Fortnite

Fortnite on Samsung Galaxy Note 9.


Sarah Tew / CNET

After seeing friends playing Fortnite on their iPhones for several months, you may have downloaded the game the other became available to your Android phone. I understand. But it may have jeopardized you.

As detected by Android Central, Google has revealed a major vulnerability in the Epic Games original Fortnite installer for Android, one that could have used the Fortnite installer to install and launch a rogue app, and even give that app Access the phone's data without knowing it.

For the attack at work, it sounds like you already needed to have a piece of malicious software on the phone, ready and waiting to strike. But not a particularly sophisticated. After prompting Fortnite Launcher to download Fortnite, Google claims that an app with the WRITE_EXTERNAL_STORAGE permission could have replaced the real Fortnite app with a false after security checks already completed. It is known as a "man-in-the-disk" attack.

Worse, the Fortnite installer can automatically have given a fake app all the permissions it requests (access to microphone, location, SMS, etc.), giving it an incredible amount of power over your data. This is because the Fortnite installer tries to set the authorization step ̵

1; when Google asks you to allow new apps to access specific items on your phone, which the Google Play store includes as standard.

CNET was one of many who was worried about weeks ago when it was found that Epic Games was next to the Google Play Store with its own special installer due to the risk it could lead to that people download the game. Sounds like these concerns were justified.

Fortunately, vulnerability was not long. Fortnite became available for Android August 9, starting with Samsung Galaxy Devices and then available to all Android on August 12th. Google brought vulnerability to Epic Games attention August 15th. Epic Games immediately acknowledged its mistake and fixed the error with version 2.1.0 of launch on August 16th.

This means that there was only a weekclick when people could have been affected and there is no indication that someone actually was. Nevertheless, with an app that was hyped like Fortnite, there would have been significant incentives for hackers to try.

Epic Games did not respond immediately to a request for comment, but Epic CEO Tim Sweeney has public inquiry if Google made it responsible by exposing vulnerability early:

Google provided the following statement: "User Security is our Top Priority, and as part of our proactive malicious software monitoring, we identified a vulnerability in Fortnite installer. We immediately reported Epic Games and they solved the problem. "Here are Google's security guidelines.


Now Playing:
See This:

Fortnite's Gamescom booth is a bonkers gamer paradise


1:22

Update, 12:12 p.m. PT: With Google Statement


Source link