Tuesday, December 3, 2024
HomeComputer SecurityAccount Take over Vulnerability in EA Origin Game Client Let Hackers Hijack...

Account Take over Vulnerability in EA Origin Game Client Let Hackers Hijack the 300 Million Gamers Account

Published on

SIEM as a Service

Researcher uncovered a critical chain of vulnerabilities in Popular EA’s Origin gaming client allows attackers to take over the players account and committing the identity theft against 300 Million EA Gamers.

EA (Electronic Arts) is a second largest American based video gaming company who is behind the some of the most famous games including EA Sports titles FIFA, Madden NFL, NHL, NBA Live, and UFC.

The vulnerability resides in the EA origin game client platform can be exploited by abusing the authentication token that used for abandoned subdomains with the OAuth Single Sign-On (SSO) and users login process Trust mechanism.

- Advertisement - SIEM as a Service

There are several domains including ea.com and origin.com used by EA to provide different services for its gamers that helps users to create a new account and guide to purchase new games in the EA store.

EA Games also configured some of the subdomains under the main domains with DNS address and CNAME records.

During the coordination research conducted by CyberInt and Check Point analyzed one of the EA Games subdomain eaplayinvite.ea.com which is configured with a DNS CNAME and it is pointed to another subdomain ea-invite-reg.azurewebsites.net.

The subdomain used by EA Games hosted in Microsoft Azure (ea-invite-reg.azurewebsites.net) was no longer in use, but the alias record still exists with eaplayinvite.ea.com.

So the researchers opted to register “ea-invite-reg” with Azure that allows them to hijack the subdomain “eaplayinvite.ea.com “ along with the interception of any legitimate EA Games’ user requests.”

According to cyberint, “Having seized control of the eaplayinvite.ea.com subdomain guided research toward the new goal of examining how the TRUST mechanism between EA Games’ ea.com or origin.com domains and their subdomains could be abused to manipulate the OAuth protocol implementation for full account take-over/exploitation”

In results, Researchers figured out that the EA games oAuth SSO implementation within several EA services such as answers.ea.com, help.ea.com, and accounts.ea.com.

“The SSO mechanism exchanges the user credentials (username & password) by unique SSO Token and this token can be used to authenticate any platform that belongs to EA network.”

So if the attacker steals the SSO Token by sending the specially crafted malicious link to victims, it gives them an active login session, eventually trigger the authentication to hijack the victim’s account.

Watch the demonstration about how an attacker hijacking the gamers live session to compromise their entire account and gain access to their sensitive data.

According to Oded Vanunu, Head of Products Vulnerability Research for Check Point, “EA’s Origin platform is hugely popular; and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts,”

This critical vulnerability not only provides access to the gamers account but it allows the attacker to purchase the virtual currency using the user’s credit card.

In order to avoid such attacks and protect from session hijacking, Check Point and CyberInt strongly advise users to enable two-factor authentication and only use the official website when downloading or purchasing games.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Poison Ivy APT Launches Continuous Cyber Attack on Defense, Gov, Tech & Edu Sectors

Researchers uncovered the resurgence of APT-C-01, also known as the Poison Ivy group, an...

Hackers Can Secretly Access ThinkPad Webcams by Disabling LED Indicator Light

In a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a...

“Bootkitty” – A First Ever UEFI Bootkit Attack Linux Systems

Cybersecurity researchers have uncovered the first-ever UEFI bootkit designed to target Linux systems.This...