Fortnite for Android Found Vulnerable to MitD Attacks

According to Google researchers, the Android version of one of the most popular video games had a serious security gap
28 August 2018

Security experts from Google found a vulnerability in the installation package of Fortnite for Android smartphones. The application was vulnerable to a Man-in-the-Disk (MitD) attack, which made it possible to download and run any application with an unlimited number of privileges. The developer has already released version 2.1.0 with security fixes.

The corporation's researchers published information about the problem in Google's bug tracker on August 15, 2018. They became interested in the app after the publisher decided not to release the game in the Google app store, thereby choosing not to give the company 30% of the revenue from in-game purchases.

After this became known, specialist publications such as Android Central expressed concerns about the safety and usefulness of Epic's strategy. The company promotes the game installer through its own site, and to launch it the user has to tick the box "Installing from unreliable sources" in the device settings.

Using the MitD vulnerability in the Fortnite installer, an attacker could download any program to the device, including malware. The cause lies in how Android manages external storage: it is shared by all applications. Because the mobile version of Fortnite does not contain the game itself but loads additional files from the Epic Games repository, the files it downloads are exposed to attackers in external storage.

Any app with the WRITE_EXTERNAL_STORAGE permission can substitute the APK immediately after the download is completed and the fingerprint is verified. This is easily done using a FileObserver. The Fortnite Installer will proceed to install the substituted (fake) APK. If the fake APK has a targetSdkVersion of 22 or lower, it will be granted all permissions it requests at install-time. This vulnerability allows an app on the device to hijack the Fortnite Installer to instead install a fake APK with any permissions that would normally require user disclosure.

Google Researcher

After publishing the information in the bug tracking system, the researchers informed Epic's developers of the need to release a patch. The specialists made the report on the problem public on August 25, 2018, a week after the fix appeared in version 2.1.0.

Android is an open platform. We released software for it. When Google identified a security flaw, we worked around the clock (literally) to fix it and release an update. The only irresponsible thing here is Google’s rapid public release of technical details. We asked Google to hold the disclosure until the update was more widely installed. They refused, creating an unnecessary risk for Android users in order to score cheap PR points. Google did privately communicate something to the effect that they’re monitoring Fortnite installations on all Android devices(!) and felt that there weren’t many unpatched installs remaining.

Tim Sweeney

CEO, Epic Games

Another Battle Royale game, PlayerUnknown's Battlegrounds, has also become a target of hackers. In April 2018, researchers found ransomware related to it.

Zabbix 4.4 to be Rolled Out

The monitoring system consists of 3 components: server, "agents" (monitoring software tools) and frontend
14 October 2019

After 6 months of development, a new version of the Zabbix monitoring system, 4.4, is available; its code is distributed under the GPLv2 license. Zabbix consists of three basic components: a server for coordinating checks, generating test requests and collecting statistics; agents for performing checks on external hosts; and a frontend for managing the system.

To take load off the central server and form a distributed monitoring network, a series of proxy servers can be deployed that aggregate check data for a group of hosts. Data can be stored in MySQL, PostgreSQL, TimescaleDB, DB2, and Oracle. Without agents, the Zabbix server can receive data using protocols such as SNMP, IPMI, JMX, SSH/Telnet and ODBC, and can test the availability of web applications and virtualization systems.

Get some more info at the official website.