A security researcher has revealed a major vulnerability in FIFA’s internal systems that could have allowed an attacker to take control of World Cup television broadcasts worldwide.
The researcher, known online as BobDaHacker, said she gained access to multiple internal FIFA platforms by registering as a player agent through FIFA’s official agent registration portal.
According to her findings, a flaw in FIFA’s back-end application programming interface (API) failed to properly verify user permissions, allowing her to access systems that should have been restricted to authorized personnel.
The exposed platforms reportedly included tools used by broadcasters to manage what appears on television screens during World Cup matches, as well as systems that provide information to commentators during live coverage.
In a blog post published on Tuesday, BobDaHacker said the vulnerability could have enabled a single attacker to manipulate every camera feed simultaneously.
“A single attacker could hijack every camera simultaneously. An attacker could have rickrolled the entire FIFA World Cup,” the researcher wrote.
BobDaHacker said she reported the issue to FIFA on Tuesday night, Japan time, and the organization fixed the vulnerability within a few hours.
However, according to the researcher, FIFA did not acknowledge the report or respond directly to her disclosure.





