Vulnerabilities in Chess.com could Expose users to Potential Cheating

By VARINDIA - 2023-03-25

Check Point Research (CPR) identified security vulnerabilities in the Chess.com platform. Left unpatched, an attacker can use the security flaws to cheat in chess games and solve games without playing. CPR outlines the exploitation methodology and publishes a technical analysis of the vulnerabilities.

Chess.com boasts over 100M players worldwide

Prizes can reach up to $1M

CPR reports findings to Chess.com, who subsequently issued a security patch

Check Point Research (CPR) identified multiple vulnerabilities in the chess.com platform. Left unpatched, an attacker can use the security flaws to cheat in chess games and solve puzzles, without even playing.

Exploitation of the vulnerabilities is triggered by manipulating both the Chess Game API and Puzzle-solving API of the Chess.com platform. CPR was able to decrease an opponent’s time and win games, as well as extract successful chess moves to solve online puzzle ratings.

Chess.com boasts over 100M players worldwide, and prizes can reach up to $1M.

Attack Methodology

CPR outlined the attack methodology as follows:

The attacker starts a chess game with somebody he added to his friend list before or during the game

By adding a player to the friend list, the attacker opens the adjustclock API request which allows him to give the opponent extra 15 seconds

Attacker manipulates the adjustclock API to ZERO the opponent’s clock and wins the game without the opponent’s notice

Responsible Disclosure:

CPR responsibly disclosed its findings to Chess.com, who subsequently issued a patch.

Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Research says,“We have found multiple vulnerabilities in the Chess.com platform that allows an attacker to cheat in chess games and solve puzzles without even playing. There are more than 100 million players at Chess.com, so winning a game by cheating can decrease overall scores while increasing the scores of the attackers. Potentially attackers could have exploited the vulnerabilities to grab the prizes."

Name:
Email:
Comment:

INTERVIEWS

SonicWall witnesses 3X growth over three years in India

40% of ManageEngine’s revenue is driven through its channel partners

InstaSafe takes pride in calling itself a transparent organization among partners

Channel partners are the last mile in Vertiv’s sales channel

ViewSonic believes in becoming a trusted brand for new partners

Skybox believes in prioritizing transparency in its partnerships

TOP VIDEOS

CIO - SPEAK

By taking platform approach than deploying products may raise the security level of an organization

Dr. Sashank Dara, CTO, CISO & Cofounder, Seconize The...

RPA - The next trending technology of 2023

Meetali Sharma, Corporate Head - Risk, Compliance & Information Securit...

Cloud Security, AI/ML, IoMT, Supply chain security - Top cyber security challenges

Bohitesh Misra, Co-Founder & CTO, Avexa Systems In the pro...

Start-Up and Unicorn Ecosystem

Wipro Launches an Immersive Innovation Experience for Financ...

Automation Anywhere partners with Google Cloud to bring toge...

SAS transforms traditional customer data platform capabiliti...

AI stands top priority for the Corporates to invest

Future of Cloud and Edge Infra

Digital Footprint

Trust WhatsApp??

BoT traffic

India’s Quantum Mission

India Records 18% Surge in Weekly Cyber Attacks in Q1 2023

SECURITY

Radware’s DefensePro DDoS Protection selected by Berger Paints for network security

The multinational paint company, which has more than 3,600 employees, manages a distributi...

Organizations can establish a strong security foundation by implementing a comprehensive cloud security strategy

Focusing on vulnerability management, TAC Security is helping organizations secure their d...

CyberArk announces new products across its Identity Security Platform

CyberArk has announced new products and features across the CyberArk Identity Security Pla...

SOFTWARE

Blackstone portfolio company R Systems takes over Velotio

R Systems announced that it has signed definitive agreements to acquire Velotio, an India-...

NEC India, GLA University and Edulateral Foundation collaborate to enable learning for students in AI and Analytics

NEC Corporation India (NEC India), a wholly owned subsidiary of NEC Corporation, GLA Unive...

Tech Mahindra to help Bank of Baroda to enhance Customer Experience

Tech Mahindra announced its partnership with Bank of Baroda, to deploy digital solutions t...

START - UP

TE Connectivity launches its first start-up accelerator program in India

TE Connectivity (TE), a world leader in connectivity and sensors, has coll...

InCore Semiconductors bags $3 million in seed funding round from Sequoia Capital India

InCore Semiconductors has raised USD 3 million in a seed funding round from Sequoia Capita...

Ping Pong Enables Indian Businesses to establish itself in Australia

Ping Pong Payments, a leading global payment platform, obtained the Australian Financial S...

SOUTHERN INDIA INFORMATION TECHNOLOGY FAIR (SIITF) -2018
BANGALURU

STAR NITE AWARDS(SNA) - 2018
NEW DELHI

ODISHA INFORMATION TECHNOLOGY FAIR(OITF)-2019
BHUBANESWAR

WESTERN INDIA INFORMATION TECHNOLOGY FAIR(WIITF) - 2019
MUMBAI

PERIPHERALS

Barco’s Projection Technology used by Tricolor India Schauspiel at Andaman & Nicobar’s Historical Cellular Jail

The Cellular Jail in Andaman and Nicobar Islands has unveiled an immersive multimedia proj...

Acer unveils its first eco-friendly Wi-Fi 6E mesh router - Acer Connect Vero W6m

Acer has unveiled the Acer Connect Vero W6m mesh router, its first eco-friendly Wi-Fi 6E r...

ECS launches smart retail, public terminal, and automation intelligence industrial solutions

ECS Industrial Computer has introduced a wide range of comprehensive new products for smar...

ZOTAC Technology announces latest addition to its graphics card line-up

ZOTAC Technology has announced the latest addition to its next-generation graphics card li...

INDUSTRY EVENTS

Kingston showcases New Non-Binary DDR5 Memory and XS1000 External SSD in COMPUTEX 2023

Kingston Technology has announced it will make a grand return to COMPUTEX Taipei event aft...

Genesys creating an exceptional Customer Experience leveraging the skillful orchestration of Employee Experience

To recognise its strategic partners advancing the industry, Genesys, organised the APAC Pa...

TDC Captures the Beauty of our Natural World at Vivid Sydney 2023

Sydney, Australia, May 2023 – It would be easy for a company like TDC – T...

MediaTek organizes its 12th Chapter of Technology Diaries

MediaTek has hosted its 12th Chapter of Technology Diaries themed ‘The Vision to Go...

E- COMMERCE

Pine Labs collaborates with ICICI Bank over acceptance of Digital Rupee on its PoS terminals

Pine Labs announced the acceptance of digital Rupee on its PoS terminals in partnership wi...

Numeric launches its e-shop for UPS

Numeric UPS has announced the launch of its very own E-Shop, for a wide range of uninterru...

PhonePe records USD $1 trillion annualised TPV runrate

PhonePe announced that it has hit an annualized TPV (Total payment value) run-rate of USD...

Cashfree Payments acquires Zecpe to strengthen its D2C payments suite

Cashfree Payments has announced its strategic acquisition of Zecpe, a one-click checkout c...

MOVERS & SHAKERS

Magenta Mobility names Shashank Sathe as CTO

Magenta Mobility has appointed Shashank Sathe as its new Chief Technology Officer (CTO). T...

Anand Sanghi chairs as Vertiv President of the Americas Region

Vertiv has appointed Anand Sanghi as President, Americas effective July 1, 2023. Sanghi cu...

BEL elevates Vikraman N as Director (HR)

Navratna Defence PSU Bharat Electronics Limited (BEL) has announced to elevate Vikraman N...

Midea Group names Allen Zha as the Country Head for India Operations

Midea India has announced the appointment of Allen Zha as the Country Head for the company...

CHANNEL - BUZZ

Lenovo comes up with next chapter of Lenovo 360 global channel framework for partners

Lenovo announces the next chapter of its Lenovo 360 global channel framework for partners....

Lenovo on the lookout for ISVs & Startups for its AI Innovators program

Lenovo is on the lookout for independent software vendors (ISVs) to join the Lenovo A...

Akamai announces significant enhancements to its Partner Program

Akamai Technologies has announced significant, new enhancements to the Akamai Partner Prog...

Noventiq reports $1.6bn turnover

Noventiq has announced that a quarterly turnover of $480.7 million in Q4 propelled it to a...

Airlines in profit