Security flaw in FIFA system allowed access to World Cup TV stream
6 reported
A security researcher reported that a flaw in FIFA’s internal systems allowed her to access and control the television broadcast of World Cup games. The researcher, known as BobDaHacker, said she registered as a player agent on FIFA’s official platform and then exploited a back-end API that did not verify user authorization. This gave her access to the system used by broadcasters to manage what is displayed on TV screens and commentators’ monitors worldwide. BobDaHacker stated that a single attacker could have hijacked every camera simultaneously and potentially disrupted the broadcast. She reported the flaw on Tuesday night Japan time, and FIFA fixed the issue a few hours later without acknowledging her report. FIFA did not respond to TechCrunch’s request for comment.
What’s reported
Security researcher BobDaHacker accessed internal FIFA platforms by registering as a player agent and exploiting a back-end API flaw.
The flaw allowed her to watch and control the TV stream of every World Cup game.
The system accessed is used by broadcasters to control what appears on TV screens and commentators’ screens.
BobDaHacker wrote that a single attacker could hijack every camera simultaneously and “rickrolled the entire FIFA World Cup.”
She reported the flaw on Tuesday night Japan time; FIFA fixed it a few hours later without acknowledging the report.
FIFA did not respond to TechCrunch’s request for comment.
Key figures
BobDaHacker (security researcher)
Sources: TechCrunch
