News

Fortnite hacker hole found by Google, Epic complains

close


Video

Everything to know about ‘Fortnite’

‘Fortnite’ has become a cultural phenomenon, and mega-hit video game developer Epic Games, with 125 million players around the world. What is it that makes this game so hugely popular, and how did it come this far?

Two weeks ago, Google researchers found a very serious vulnerability in Fortnite Android-installer. The error — which Epic Games has patched — would have let hackers to manipulate the Fortnite installer to load other apps, allowing users to phones wide open to attack.

Google made public the vulnerability of a week after Epic Games fixed, but asked Epic Games CEO Tim Sweeney accusing Google of acting in bad faith.

If you have already Fortnite is installed on Android, you are probably safe, because the installer app should have updated itself in the last 10 days. But to be safe, make sure that the Fortnite installer app on your phone is in version 2.1.0.

Epic Games — developer of the very popular online battle royale-style game available for the PlayStation 4, Switch, Xbox, macOS, iOS, and Windows decided earlier this month not to release the game in the Google Play app store, so that Epic Games could avoid paying the 30-percent reduction from the sale, if any Android (and Apple) – a developer who goes through the official app store.

More Of Tom’s Guide

  • The A Mobile Game You Must Play right Now (No, It’s Not Fortnite)

  • 15 Android Security Tips that You Should Know

  • Best Android Action Games

  • Enable 2FA in Fortnite (And Get a Free Emote)

Epic’s decision forced users to modify critical security settings in their Android phones that open the way for malicious activity — prompted sharp criticism from security experts over the internet.

The critics seem to be right. Google security experts have found out that the Fortnite Android installer for Samsung’s Galaxy phones contains the code that allows a man-in-the-drive attacks, This evil can apps with low rights to get control over the Fortnite installer to complete the installation of other malicious applications higher privileges. (It is not clear whether the installer app for non-Samsung phones was affected.)

Google reported the error to Epic Games on the morning of Aug. 15, and the game developers had a fix (version 2.1.0 of the installer) outside the door within 36 hours. Fortnite installer apps already on the user’s phones should update to the patched version automatically.

However, Epic Games strongly criticized Google for publishing information about the installer error on Aug. 24, just eight days after the patch is available. The company claims that Google acted in bad faith after Epic specifically asked and do not disclose the bug.

“We asked Google to keep the disclosure until the update was more widely installed,” Sweeney tweeted Saturday (Aug. 25). “They refused, creating an unnecessary risk for Android users to score cheap PR points.”

However, Google’s own security policy to determine that security bug reports are made public after 90 days of disclosure, or after “a patch is made widely available.” The 90-day windows, allows developers the time to solve problems, not to give users three months to install patches. Security experts generally agree that the vulnerability patches should be installed as soon as they are available.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular