Fortnite app for Android let hackers hijack players' phones, Google warns

Cyber experts warn the release of the mobile game 'introduces a flood of security problems'

Anthony Cuthbertson
Wednesday 29 August 2018 11:52 BST
Epic Games made the beta version of Fortnite available for download across all Android tablets and phones
Epic Games made the beta version of Fortnite available for download across all Android tablets and phones

The Fortnite app on Android can be hijacked by hackers to instigate "worm" attacks on players, Google has revealed

Epic Games CEO Tim Sweeney acknowledged the issue, which allows other apps on a user's device to silently install unapproved software in the background, but said Google should have waited longer to reveal the problem.

The disagreement is the latest in a long-running dispute between the two companies and comes after Epic refused to make the Android version of its hit game available on the official Google Play store.

Mr Sweeney explained his decision to only make the Fortnite app available through the Epic Games website by saying the 30 per cent cut of sales that Google took could not be justified.

"The great thing about the internet and the digital revolution is that... physical storefronts and middlemen distributors are no longer required," he said at the time.

The popularity of Fortnite has made it a magnet for cyber criminals, with some targeting players before the Android version of the game was even released.

Fake versions of the app were shared across social media earlier this summer, some of which contained ransomware that encrypted all of the data on the infected device until the victim paid a ransom in bitcoin.

According to cyber experts, the latest vulnerability could be the first drop in a "flood of security problems" for Fortnite on Android.

"As Fortnite continues to grow in popularity, it will become a greater vector for launching malware and ransomware, with malicious actors possibly even pivoting to kinetic ransomware-style attacks," Lawrence Pingree, a cyber security specialist at SonicWall, told The Independent.

"With kinetic ransomware, victims are forced to complete an action to regain access to their encrypted devices... We saw this in April with the PUBG ransomware, which forced victims to play a game called PlayerUnknown's Battleground for one hour to decrypt the device. While this instance was benign, the potential implications are far reaching and quite dark."

Such instances of the malware, Mr Pingree warned, could eventually spread beyond individuals to companies or governments, forcing officials to carry out "sinister" acts to regain control of their systems.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in