Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, and CyberInt, the leading cybersecurity provider of managed threat detection and mitigation services to digital consumer businesses, identified a chain of vulnerabilities in the Origin gaming client developed by Electronic Arts (EA). Once exploited, the vulnerabilities would have led to player account takeover and identity theft.
EA is the world’s second largest gaming company and boasts household gaming titles such as FIFA, Madden NFL, NBA Live, UFC, The Sims, Battlefield, Command and Conquer and Medal of Honor in its portfolio. The games leverage the Origin client gaming platform, which allows users to purchase and play EA’s games across PC and mobile. Origin contains social features such as profile management, networking with friends via chat, and direct game joining. It also includes community integration with sites such as Facebook, Xbox Live, PlayStation Network, and Nintendo Network.
CyberInt and Check Point researchers responsibly disclosed the vulnerabilities to EA in accordance with coordinated vulnerability disclosure practices to fix the vulnerabilities and roll out an update before threat actors could exploit EA. They combined their expertise to support EA in developing the fixes to further protect the gaming community. The vulnerability EA closed could have allowed a threat actor to hijack a player’s session, resulting in account compromise and takeover.
“Protecting our players is our priority,” said Adrian Stone, Senior Director, Game and Platform Security at Electronic Arts. “As a result of the report from CyberInt and Check Point, we engaged our product security response process to remediate the reported issues. Working together under the tenet of Coordinated Vulnerability Disclosure strengthens our relationships with the wider cybersecurity community and is a key part of ensuring our players stay secure.”
The vulnerabilities found in EA’s platform did not require the user to hand over any login details whatsoever. Instead, it took advantage of abandoned subdomains and EA Games’ use of authentication tokens in conjunction with the OAuth Single Sign-On (SSO) and TRUST mechanism built into EA Game’s user login process.
“EA’s Origin platform is hugely popular; and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users’ accounts,” said Oded Vanunu, Head of Products Vulnerability Research for Check Point. “Along with the vulnerabilities we recently found in the platforms used by Epic Games for Fortnite, this shows how susceptible online and cloud applications are to attacks and breaches. These platforms are being increasingly targeted by hackers because of huge amounts of sensitive customer data they hold.”
“CyberInt provides continuous, automated early detection, taking the attacker’s perspective to enable companies to protect their customers and business proactively,” said Itay Yanovski, Co-Founder and SVP Strategy for CyberInt Technologies. “Gaming goods are traded in official and unofficial marketplaces in the darknet, which makes attacks against gaming studios very lucrative. We believe the cybersecurity industry has the responsibility to protect people, so we make sure to alert the industry with threat-centric security research on newly detected adversary campaigns, such as the recent TA505 – to ensure that the most effective detection and mitigation measures are taken.”
Check Point and CyberInt strongly advise users to enable two-factor authentication and only use the official website when downloading or purchasing games. Parents should create awareness among their children around the threat of online fraud, that cyber criminals will do anything to gain access to personal and financial details, which may be held as part of a gamer’s online account. Check Point and CyberInt encourage gamers to always be vigilant when receiving links sent from unknown sources.
- Read the full technical analysis of the EA Games vulnerability from the Check Point Research blog.
- See the video: EA Games Vulnerability Leads to Account Takeover & Identity Theft, detailing the discovery and nature of the find.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch_
Follow Check Point Software via:
Twitter: https://www.twitter.com/checkpointsw
Facebook: https://www.facebook.com/checkpointsoftware
Blog: https://blog.checkpoint.com
YouTube: https://www.youtube.com/user/CPGlobal
LinkedIn: https://www.linkedin.com/company/check-point-software-technologies
Follow CyberInt Research via:
Blog: https://blog.cyberint.com/
YouTube: https://www.youtube.com/channel/UCzlxztuatw1FGKSnptjpx9Q/featured
LinkedIn: https://linkedin.com/company/cyberint
Twitter: https://twitter.com/cyber_int
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud AI to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Check Point’s solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and advanced targeted threats. Check Point offers a multilevel security architecture, “Infinity Total Protection with Gen V advanced threat prevention”, this combined product architecture defends enterprises’ cloud, network and mobile devices. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.
About CyberInt Research
CyberInt Research is focused on investigating adversary tradecraft and tactics, techniques and procedures (TTP) focusing on threats to various sectors and industries across regional locations. CyberInt Applied research team tracks new and emerging threats and threat actors to provide insights into their capabilities and operations.
About CyberInt
CyberInt (www.cyberint.com) transforms cybersecurity into a business enabler with targeted threat detection and mitigation. CyberInt delivers the only digital risk and threat intelligence platform combining cyber expertise and profound business understanding to deliver insights and actions that protect what matters most: the business goals, customers, employees, and brand. CyberInt serves top retail, finance, and gaming organizations around the world and has developed a deep understanding of the threats, needs, and behaviors particular to each industry.