The researcher, operating under the handle BobDaHacker, discovered that a standard account on FIFA’s official agent registration platform served as a skeleton key for restricted infrastructure. The flaw resided in a backend API that failed to verify user permissions, inadvertently opening access to systems governing both commentator screens and the primary TV feeds broadcast to millions of viewers.
In section Startups & Technology
Security flaw left FIFA World Cup broadcast controls exposed
A simple registration loophole granted a security researcher full control over FIFA’s internal broadcasting systems during the World Cup. By posing as a player agent, the hacker exploited a backend API vulnerability that bypassed authorization checks, potentially allowing a single individual to hijack live television feeds globally.
Highlighting the severity of the oversight, the researcher noted that a malicious actor could have simultaneously hijacked every camera feed or broadcast unauthorized content, such as a "rickroll," to a worldwide audience. FIFA addressed the vulnerability shortly after the report was submitted on Tuesday, though the organization did not publicly acknowledge the finding or respond to requests for comment regarding the security lapse.
Comments (0)
No comments yet. Be the first!