Fortnite Installer’s vulnerability let hackers silently install random apps

The vulnerability was disclosed by Google to Epic Games on 15 August, and has since been patched.

In an issue tracker post titled ‘Fortnite Installer downloads are vulnerable to hijacking’, Google has disclosed a serious vulnerability in Epic's first Fortnite installer for Android.

Google found that the vulnerability allowed hackers to download and install absolutely any app in the background, without seeking the consent or permission of the user. To top that, these app would have full access granted, without the knowledge of the user.

This vulnerability was disclosed by Google to Epic Games on 15 August, and has since released the information publicly following confirmation from Epic that the vulnerability was patched.

Fortnite poster. Image: YouTube/ Epic Games

Fortnite poster. Image: YouTube/ Epic Games

What is Fortnite Installer app?

For the uninitiated, the Fortnite Installer is a simple app that you download and install, which then subsequently downloads the full Fortnite game directly from Epic. Basically this is because when you download Fortnite you don't actually download the whole game, you download the Fortnite Installer first.

What exactly happens because of the vulnerability?

Now, Google's security team found out that the Fortnite Installer is very susceptible to a hijack, and so everytime you request to download Fortnite from Epic, there is a chance that it would download any other random app instead.

Google calls it "man-in-the-disk" attack. Android Central defines this as a scenario “when an app on your phone looks for requests to download something from the internet and intercepts that request to download something else instead, unbeknownst to the original downloading app. This is possible purely because the Fortnite Installer was designed improperly — the Fortnite Installer has no idea that it just facilitated the malware download, and tapping ‘launch’ even launches the malware.”

Fortunately, Epic acted quick on this and it says it fixed the issue in less than 48 hours after being notified. Epic says that it has deployed the fix to every Fortnite Installer, which had been installed previously.

Which means, it is safe for new users to download the Fortnite Installer, and for the ones who already had it, you need to update the Installer to the version 2.1.0, which you can check for by launching the Fortnite Installer and going to its settings.




Top Stories


also see

science