A security researcher said she was able to access multiple internal FIFA platforms due to a simple security flaw, allowing her to watch every World Cup game and have full control over the TV stream.
The researcher, identified as BobdaHacker, said she had registered as a player agent on FIFA’s official agent registration platform. With that account, and because of a flaw in FIFA’s backend API, which did not check whether the user actually had the proper authorization, she was able to access several internal FIFA platforms.
These include the system that allows broadcasters to control what is displayed on people’s TVs around the world, and what is displayed on commentators’ screens while they narrate matches, according to the researcher.
“A single attacker could hijack every camera simultaneously. A single attacker could take down the entire FIFA World Cup,” BobdaHacker wrote in a blog post published on Tuesday.
BobdaHacker reported the flaw on Tuesday night Japan time and FIFA fixed the problem a few hours later, without acknowledging the researcher’s report.
FIFA did not immediately respond to TechCrunch’s request for comment.
