Bug in FIFA World Cup internal system gave anyone ability to modify TV stream

A security researcher said she was able to access several internal FIFA platforms due to a simple security flaw, which allowed her to watch and have full control of the TV stream of every World Cup game.

The researcher, who goes by BobDaHacker, said she simply registered as a player agent on FIFA’s official agent registration platform. Then, thanks to having that account and a flaw in FIFA’s back-end API, which didn’t check if a user actually had the proper authorization, she was able to access several internal FIFA platforms.

“A single attacker could hijack every camera simultaneously. An attacker could have rickrolled the entire FIFA World Cup,” BobDaHacker wrote in a blog post published on Tuesday.

BobDaHacker reported the flaw on Tuesday night Japan time, and FIFA fixed the issue a few hours later, without ever acknowledging the researcher’s report.

Get an inside look at what it takes to scale and succeed from leaders at Mach Industries, Founders Fund, and Shinkei Systems. Through candid fireside chats and high-impact networking, you’ll walk away with valuable insights and new connections.

Every weekday and Sunday, you can get the best of TechCrunch’s coverage.

TechCrunch Mobility is your destination for transportation news and insight.

Startups are the core of TechCrunch, so get our best coverage delivered weekly.

Provides movers and shakers with the info they need to start their day.

By submitting your email, you agree to our Terms and Privacy Notice.