Monday, March 25, 2013

EA Origin online gaming system allows attacks on your computer

If any of you are fans (and users) of Electronic Arts' Origin online store/gaming network, you are vulnerable to more or less total pwnage:
A flaw in EA's Origin game store puts its 40 million or so users at risk of remote execution vulnerabilities

The vulnerability was described by security researchers Luigi Auriemma and Donato Ferrante of ReVuln, in a paper released on Saturday.

Origin is the distribution platform behind just-launched SimCity, along with other popular EA games such as Crysis 3. It lets EA roll out updates to its games, sell titles, and also provides DRM capabilities by authenticating players' games.

But the way the software authorizes players can also be used to hijack computers and install malicious software, the researchers found.

The researchers offer what seems entirely sensible advice to defend yourself:
The issue can be mitigated by disabling the origin:// URI globally using tools such as urlprotocolview. This means a user will no longer be able to run games via Desktop shortcuts or internet websites with custom command line parameters.

Users will still be able to play games by running games directly from Origin. This limits the usage of command line parameters. An alternative solution would be to disable the origin:// handler in users’ browsers that support such a feature.

Users are strongly encouraged at a minimum to set their browser to prompt when handling these links.
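
One way to apply the handler mitigation quoted above on Windows, as an added example that is not from the original post or the ReVuln paper. It assumes the scheme is registered under a Classes key named `origin`; the "(disabled)" value name is made up for this sketch.

```powershell
# Added example (not from the ReVuln paper): audit, and optionally disable,
# a custom URL scheme handler. Run elevated to change the machine-wide key.
param(
    [string]$Scheme = 'origin',   # assumption: key name matches the origin:// scheme
    [switch]$Disable              # without this switch the script only reports
)

$valueName = 'URL Protocol'              # marker value Windows requires on a scheme key
$parked    = 'URL Protocol (disabled)'   # hypothetical name used to park the marker

# HKEY_CLASSES_ROOT is a merged view of these two hives, so check both.
foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes') {
    $keyPath = Join-Path $hive $Scheme
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }

    $key     = Get-Item -LiteralPath $keyPath
    $active  = $key.GetValueNames() -contains $valueName
    $cmdPath = Join-Path $keyPath 'shell\open\command'
    $command = if (Test-Path -LiteralPath $cmdPath) {
        (Get-Item -LiteralPath $cmdPath).GetValue('')   # default value = launch command
    }

    # Report what a clicked link would launch; the command typically carries
    # a "%1" placeholder where the full URI is substituted.
    [pscustomobject]@{
        Key     = $keyPath
        Active  = $active
        Command = $command
    }

    if ($Disable -and $active) {
        # Renaming keeps the original data, so the change is easy to revert.
        Rename-ItemProperty -LiteralPath $keyPath -Name $valueName -NewName $parked
        Write-Warning "Disabled ${Scheme}:// handler at $keyPath"
    }
}
```

Re-run the script without `-Disable` after client updates, since an installer may register the handler again.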

5 comments:

  1. I think Steam had a similar vulnerability too, don't know if it was fixed.

    Not that big a deal IMO, not clicking on random links is good practice to begin with. It's good to be aware of it though.

  2. Glad I don't play online games... :-)

  3. One more reason that I can't stand EA

  4. I knew a guy who was a manager at EA, he was OK but the place sounded horrific.

  5. I do not play online games. I am playing only offline games, because I have a net problem in our area.



