Free Fire: breach found that allowed hacking accounts – Somag News

A flaw in the Free Fire gift-sending system allowed an attacker to gain unauthorized access to accounts, giving them control even over diamonds (the game's paid currency). The flaw was discovered by the ethical hacker Gabriel Pato: the absence of a cryptographic mechanism in the communication with the servers made it possible to steal session tokens, which grant unauthorized access.

The digital security expert categorized the vulnerability as "alarming", considering that its severity is inversely proportional to the simplicity of the problem. Because the communication between the game and the dedicated servers was not encrypted while data was being sent, the user's session token was exposed and could be stolen by attackers.

Tokens are a kind of key: they are linked to the user's session as soon as the user logs in, and they accompany every communication between the player and the server. However, part of the communication between the mobile application and the matchmaking, text chat and support servers did not protect the information in this token, which is nothing more than a plain alphanumeric code.

Thus, Gabriel Pato says that a hacker could break into any account while the game is being accessed over the same Wi-Fi network, and could then interact with the Free Fire servers posing as the stolen identity.

The attacker's experience is practically identical to that of the account owner: they can send inappropriate messages in the chat and have access to the diamonds, being able to send them as gifts or spend them on any item in the game.
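An added example, not from the article or from Garena: a check a developer could run over a recording of their own client's outbound requests to find any that carry the session token over an unencrypted transport, which is the condition described above. The record format, hostnames, header names and token value are constructed assumptions, and the check covers headers, query strings and bodies, which goes beyond what the article specifies.

```python
from urllib.parse import urlsplit, parse_qsl

# Schemes that encrypt the transport; anything else exposes the token on the local network.
ENCRYPTED_SCHEMES = {"https", "wss"}

def token_locations(req, token):
    """Return where the session token appears in one recorded request."""
    found = []
    if any(token in v for v in req.get("headers", {}).values()):
        found.append("header")
    if any(token in v for _, v in parse_qsl(urlsplit(req["url"]).query)):
        found.append("query")
    if token in req.get("body", ""):
        found.append("body")
    return found

def audit(requests, token):
    """Flag every request that carries the token over an unencrypted scheme."""
    findings = []
    for req in requests:
        parts = urlsplit(req["url"])
        where = token_locations(req, token)
        if where and parts.scheme.lower() not in ENCRYPTED_SCHEMES:
            findings.append({"service": req["service"], "host": parts.hostname,
                             "scheme": parts.scheme.lower(), "token_in": where})
    return findings

# Constructed sample: hostnames, paths and token are placeholders, not real endpoints.
TOKEN = "A1b2C3d4E5f6G7h8"
SAMPLE = [
    {"service": "login", "url": "https://login.game.example/session",
     "headers": {"Authorization": "Bearer " + TOKEN}},
    {"service": "matchmaking", "url": "http://mm.game.example/queue?token=" + TOKEN,
     "headers": {}},
    {"service": "chat", "url": "ws://chat.game.example/room",
     "headers": {"X-Session": TOKEN}},
    {"service": "support", "url": "http://support.game.example/ticket",
     "headers": {}, "body": "sid=" + TOKEN + "&msg=hi"},
    {"service": "assets", "url": "http://cdn.game.example/banner.png", "headers": {}},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, TOKEN):
        print(finding)
```

In this constructed sample the login request passes because it uses HTTPS and the asset download passes because it carries no token; the other three are flagged.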

The report

As soon as he found the flaw, Gabriel Pato documented it in order to report it to Garena, the company responsible for Free Fire. With no official channel for submitting the report, the specialist sought contact through colleagues. Fortunately, the company was receptive to the report and quickly confirmed the flaw's existence.
