Security Flaws Exposed in EA’s Origin Platform, Potentially Endangering Millions of Gamers
A significant vulnerability has been identified within the Origin digital distribution platform of Electronic Arts (EA), potentially jeopardizing the accounts of its vast user base, which includes over 300 million individuals globally. This exposure could have allowed malicious actors to take control of user accounts and extract sensitive personal information.
The Origin platform facilitates users in managing their EA gamer accounts, engaging in multiplayer games, and accessing various online services. Discovered by researchers at Check Point and CyberInt, these vulnerabilities could be exploited in tandem to compromise a player’s account simply by persuading them to access an official EA webpage.
The crux of the vulnerability lies in a well-known unpatched flaw within Microsoft Azure, the cloud service powering part of EA’s infrastructure. By seizing control of one of EA’s subdomains, which was inactive but still registered on Azure, attackers could orchestrate a takeover. These vulnerabilities underscore a critical issue where a domain or subdomain linked to Azure but misconfigured could be hijacked by any Azure user to redirect traffic to their own server.
The researchers articulated their findings, noting that the previously unmonitored service linked to EA had implications. They observed that a specific subdomain was still capable of redirecting traffic due to a CNAME configuration that pointed to an inactive service. This oversight enabled them to craft a fake webpage that exploited vulnerabilities in EA’s OAuth single sign-on (SSO) and TRUST mechanism. By capturing secret SSO tokens, attackers could potentially gain unauthorized access to players’ accounts without needing their credentials.
Check Point’s analysis detailed how the exploitation of the TRUST mechanism between the domains could lead to aggressive tactics recognized in the MITRE ATT&CK framework. Techniques such as initial access through social engineering and exploiting trust relationships between subdomains were particularly relevant. The potential for privilege escalation, as attackers could manipulate token exchange mechanisms, highlights the importance of tight security measures in web applications, particularly around authentication processes.
In a worst-case scenario, these flaws could have devastating consequences, allowing attackers to access credit card information and perform unauthorized transactions, such as purchasing in-game currency fraudulently. The implications of such breaches are profound, emphasizing the necessity for robust cybersecurity defenses, especially for platforms catering to millions of users.
Both CyberInt and Check Point promptly reported their findings to EA, collaborating to rectify these vulnerabilities and enhance security. EA has since addressed the reported issues, which raises awareness about the critical need for continuous monitoring and rigorous auditing of digital services, particularly those in high-risk sectors such as gaming.
This incident serves as a reminder for business leaders to prioritize cybersecurity measures, ensuring that even the slightest misconfiguration does not lead to exploitative scenarios. The security landscape is continuously evolving, and organizations must remain vigilant in protecting their digital ecosystems.