OriginFive years ago, a pair of security researchers write a book called Exploiting Online Games in which they described a number of ways in which attackers could take advantage of weaknesses in the protection systems for various gaming platforms. Now, with online gaming having emerged as a massive business, other researchers have picked up the ball and begun finding serious flaws. The latest vulnerability to be disclosed is in EA’s Origin online game-delivery system, which researchers from ReVuln have shown can be exploited remotely to run malicious code on users’ machines.

The problem lies in the way that Origin’s custom URI handles commands. Origin is EA’s platform for delivering and enabling users to play games without downloading them or playing them from a disc. In order to access content, users download a client that connects to the Origin server. To do so, the client uses a custom URI handler, origin://. So a command to the system to launch a game begins with that URI and then contains several other components. An attacker who can discover the Game ID–which is a unique identifier for each game–can use local vulnerabilities on a user’s machine to execute arbitrary code.

“The Origin platform allows malicious users to exploit local vulnerabilities or features, by abusing the Origin URI handling mechanism. In other words, an attacker can craft a malicious internet link to execute malicious code remotely on victim’s system, which has Origin installed,” the ReVuln research paper says.

“In order to demonstrate the insecurity of the Origin platform, we picked the most recent and well known game available on this platform: Crysis 311, which was released on 19 February 2013. We found several ways to trigger remote code execution against remote victim systems by abusing the Origin platform itself. One way is based on exploiting a feature, NVidia Benchmark framework12, in CryEngine’s game engine.”

By specifying a certain set of commands in an Origin link, an attacker can cause a user to load malicious code onto his machine. In a video demonstration of the problem, ReVuln researchers Luigi Auriemma and Donato Ferrante showed their attack working against the Crysis 3 game on Origin.

The researchers presented their findings at the Black Hat EU conference in Amsterdam last week. Auriemma said that because of the nature of attacks on games it’s difficult to know whether any attackers are using this technique already.

“For this kind of attacks the situation is a little bit tricky, because we are not talking about attacking big systems, like SCADA. But we are talking about games and gamers, and attacks via games usually are pretty stealthy, and they are pretty difficult to spot. As this sort of attack vectors are pretty underestimated by people,” he said.

In October, ReVuln published similar research demonstrating a vulnerability in the Steam gaming platform.

Categories: Videos, Vulnerabilities

Comments (5)

  1. gem
    1

    I’m not a security researcher!  I am a scientist.  (hah)

    FWIW, we have been working with EA for years on software security.

    gem

  2. Anonymous
    2

    gem says: “FWIW, we have been working with EA for years on software security.”

    1) I guess that it’s not worth much.

    2) They have a long way to go yet, someone needs to be working harder.

    3) As with most companies, security isn’t an issue, until it is an issue.  It’s just now becoming an issue so the real work has yet to start.

  3. gem
    3

    Turns out that software security is hard and it takes a while.  Just ask Microsoft whose efforts over a decade are paying off, but who are not done yet.  Or Adobe.

    Flip little comments like yours are easy to make.  Perhaps you should grow up, learn some stuff and get a job helping.

    gem

  4. Anonymous
    4

    As someone who knows just enough about general state of ‘security’ across all types of software / hardware…a lot to be done everywhere, by everyone… 

    I will admit, I love showing people how easy it is for someone to strip their VISA CC details. More satisfying when they have just boasted about how great their $200 leather wallet is.

     

  5. Anonymous
    5

    i find it ironic that you are pointing out vulnerability in one system, then ask us to install flash , with multiple vulnerabilitys to play content

Comments are closed.