A cybersecurity researcher has disclosed a security flaw in FIFA’s digital infrastructure that allegedly allowed access to several internal platforms, including systems used to manage World Cup television broadcasts.
The researcher, who operates under the name BobDaHacker, said she discovered the vulnerability after registering as a player agent through FIFA’s official agent registration platform.
According to her findings, a flaw in FIFA’s backend application programming interface (API) failed to properly verify user permissions, allowing her to access systems intended only for authorised personnel.
The researcher claimed the vulnerability provided access to platforms used by broadcasters to control information displayed on television screens worldwide, as well as data shown on commentators’ broadcast systems during matches.
In a blog post published on Tuesday, BobDaHacker said the flaw could have allowed a malicious actor to interfere with World Cup broadcasts on a global scale.
“A single attacker could hijack every camera simultaneously. An attacker could have rickrolled the entire FIFA World Cup,” she wrote.
The researcher said she reported the vulnerability to FIFA on Tuesday night in Japan and that the issue was fixed within hours. However, she claimed FIFA did not acknowledge the report.
FIFA had not responded to requests for comment at the time of publication.
