Flight Sim Labs’ ‘Heavy Handed’ Anti-Piracy Tactics Raise Hackles

Developer Flight Sim Labs is in hot water after acknowledging that it has installed malware in its flight simulator product that it said targets pirate users of its software.

Software developer Flight Sim Labs is in hot water after acknowledging that it installed a password harvester for the Google Chrome browser in its flight simulator product. The company explained it was only targeting pirate users of its software, but critics are calling the tactics “dirty”.

The issue came to a head on Sunday when a Reddit user said that after downloading Flight Sim Labs’ Airbus A320-X add-on package for their desktop flight simulator software, the add-on was “flagged up by various antivirus products” as malicious.

Flight Sim Labs makes premium add-ons for Microsoft Flight Simulator X and Lockheed Martin’s Prepar3D software with prices starting at around $100 each.

Upon further investigation, the Reddit user found a “test.exe” update file included in the add-on’s installer that acted as a command-line tool.

The tool turned out to be from a company called SecurityXploded and is called Chrome Password Dump. As the name suggests, the program is designed to automatically detect and extract all default passwords embedded in Google’s Chrome browser.

The file seemed out of place in software from Flight Sim Labs, a company specializing in various add-on services for desktop flight simulator platforms.

Lefteris Kalamaras, founder of Flight Sim Labs, responded to the discovery on Monday, stating in a blog post that the file “test.exe” is installed as part of the company’s digital rights management (DRM) efforts and helps alert the company when pirates have installed the add-on package.

Kalamaras said that the company is using a specific method against specific serial numbers that have been identified as pirate copies. He said when a specific pirate copy serial number is used, Flight Sim Labs is alerted.

Kalamaras said in the post that allegations that the software has “indiscriminately” dumped passwords are untrue, and that the malware only targets specific pirate copies of copyrighted software obtained illegally. Furthermore, said Kalamaras, the program is only extracted temporarily and “is never under any circumstances used in legitimate copies of the product.”

“If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us,” said Kalamaras in the post. “The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).”

In a follow-up statement, Kalamaras said that he understands that the measures “might be considered to be a bit heavy handed on our part,” and because of that the company has uploaded an updated installer that does not include the DRM check file in question.

Despite the updates, security researchers were raising their eyebrows on Tuesday about the legal and ethical boundaries that Flight Sim Labs was pushing.

Cybersecurity company Fidus Information Security confirmed that the password dumping tool is “only called when a fraudulent serial is used,” but still expressed concerns around the ethics of the practice.

“Whilst we fully understand the importance of DRM and combating piracy, it poses the question on how ethical some companies are being in doing so along with the legal and infosec implications of it,” the company said in a statement.

Discussion

  • Anonoman2018 on

    This is the problem: they put software like this included that is only called if an illegal serial is used. What happens when an update gets manipulated to run it on all serial number installs? Get this crap implementation out of your product. There are plenty of companies that do DRM that don't take Chrome password dumps. Like seriously what is this world coming to?
