The researcher, operating under the handle BobDaHacker, discovered that a standard account on FIFA’s official agent registration platform served as a skeleton key for restricted infrastructure. The flaw resided in a backend API that failed to verify user permissions, inadvertently opening access to systems governing both commentator screens and the primary TV feeds broadcast to millions of viewers.
Highlighting the severity of the oversight, the researcher noted that a malicious actor could have simultaneously hijacked every camera feed or broadcast unauthorized content, such as a "rickroll," to a worldwide audience. FIFA addressed the vulnerability shortly after the report was submitted on Tuesday, though the organization did not publicly acknowledge the finding or respond to requests for comment regarding the security lapse.
