• A basic security flaw let a security researcher access internal F

    From TechnologyDaily@1337:1/100 to All on Thu Jun 18 01:15:26 2026
    A basic security flaw let a security researcher access internal FIFA systems and the ability to control World Cup TV streams

    Date:
    Thu, 18 Jun 2026 00:05:00 +0000

    Description:
    "An attacker could have rickrolled the entire FIFA World Cup" - but luckily the issue was quickly fixed.

    FULL STORY ======================================================================

    - Researcher BobDaHacker found FIFA API flaw letting anyone hijack live TV streams and commentator feeds
    - Bug stemmed from lack of authorization checks; FIFA patched quickly but did not credit the finder
    - Experts warn it highlights CWE-602 and the danger of confusing authentication with authorization

    A bug in an internal FIFA system allowed anyone to modify what gets streamed to TV broadcasters, and what goes to TV commentators narrating the FIFA 2026 World Cup matches. Luckily for everyone, the bug was discovered by a white hat hacker and remedied before any malicious actors could leverage it.

    A security researcher with the alias BobDaHacker recently reported being able to take full control over the TV stream. They did it by registering as a player agent on FIFA's official agent registration platform and then abusing a vulnerability in FIFA's back-end API to access multiple internal platforms.

    The vulnerability was that the API did not check the accounts for proper authorization - and as a result, they could control what people would see on their TVs during the matches, as well as what the commentators would see on their monitors.

    Authentication is not authorization

    A single attacker could hijack every camera simultaneously. "An attacker could have rickrolled the entire FIFA World Cup," BobDaHacker said. We could have witnessed a Dark Knight Rises moment, too.

    For Brett Winterford, Vice President at Okta Threat Intelligence, FIFA dodged a major bullet today: The average global live audience of a FIFA World Cup match is 175 million viewers. Imagine a person with the worst motivations discovers a bug that enables them to modify that livestream.

    That bug happened. Thankfully a security researcher found it first. Not everyone seems to be that thankful, though. According to TechCrunch, FIFA issued a fix mere hours after BobDaHacker reported it, but did not acknowledge them for their work.

    Winterford believes the bug is yet another example of CWE-602: Client-Side Enforcement of Server-Side Security.

    It's also another good reminder for developers: don't treat authentication as authorization. Authentication deals with verifying a user is who they say they are; authorization deals with what the user is allowed to access.
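
    The distinction above as an added example (not from the article, and not FIFA's code): a handler that only authenticates beside one that also authorizes on the server. The tokens, roles, action names and functions are all hypothetical.

```python
# Added example: hypothetical names throughout; not FIFA's API or code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    user: str
    role: str

# Constructed session store: token -> authenticated account.
SESSIONS = {
    "tok-agent": Account("agent42", "player_agent"),
    "tok-ops": Account("ops01", "broadcast_operator"),
}

# Server-side policy: which roles may perform which action (deny by default).
PERMISSIONS = {
    "agent.profile.read": {"player_agent", "broadcast_operator"},
    "stream.source.set": {"broadcast_operator"},
}

class Unauthenticated(Exception): ...
class Forbidden(Exception): ...

def authenticate(token):
    """Authentication: who is calling? Says nothing about what they may do."""
    account = SESSIONS.get(token)
    if account is None:
        raise Unauthenticated("unknown or expired token")
    return account

def authorize(account, action):
    """Authorization: may this account do this? Unknown actions are denied."""
    if account.role not in PERMISSIONS.get(action, set()):
        raise Forbidden(f"{account.user} ({account.role}) may not {action}")

def set_stream_source_flawed(token, feed):
    """Flawed pattern: any valid login reaches the internal function."""
    authenticate(token)
    return f"stream source set to {feed}"

def set_stream_source_checked(token, feed):
    """Corrected pattern: authenticate, then authorize, on every request."""
    account = authenticate(token)
    authorize(account, "stream.source.set")
    return f"stream source set to {feed}"
```

    Hiding the control in the client UI does not change the outcome of the flawed handler; only the server-side `authorize` call does.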




    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-basic-security-flaw-let-a-security-researcher-access-internal-fifa-systems-and-the-ability-to-control-world-cup-tv-streams


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)