Discover how to colonize, build and achieve victory in this Civilization: Beyond Earth trailer

EVE Online is altering the laws of physics to allow capital ships to fit through stargates

You might find a ghost on your toilet in Sims 4 this month, and in your pools in November

EA Origin exploit lets hackers hijack your PC, technically

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.

Now, while this exploit has been spotted it isn’t the most convenient thing to arrange from the hacker’s point of view. For one thing, many browsers will still detect the illegal action being performed and ask that you confirm you want to go to such and such address. So long as you read the address that you are being directed to and it’s a legitimate EA URL then you should be fine. Also, there’s the question of how a hacker can get to your Origin client to alter its URLs, something ReVuln don’t go into. So, as per usual, make sure you have your antivirus software up-to-date and don't go to any sites that are clearly shifty. You know the ones.

Thanks, Ars Technica.

 

Login or Register
Alienware - Game VictoriousNvidia Shield - Titanfall
Windows 9 is no more. Windows 10 is now a thing

Windows 10

Windows 9 is no more. Windows 10 is now a thing

Discover how to colonize, build and achieve victory in this Civilization: Beyond Earth trailer

Discover how to colonize, build and achieve victory in this Civilization: Beyond Earth trailer

EVE Online is altering the laws of physics to allow capital ships to fit through stargates

EVE Online is altering the laws of physics to allow capital ships to fit through stargates

You might find a ghost on your toilet in Sims 4 this month, and in your pools in November

You might find a ghost on your toilet in Sims 4 this month, and in your pools in November

Borderlands 2 explodes onto Linux and SteamOS; is also 75% off on Steam

Borderlands 2 explodes onto Linux and SteamOS; is also 75% off on Steam

Australian Steam store quietly removes

Australian Steam store quietly removes "Australia Tax" from Middle-Earth: Shadow of Mordor

Topic of the Week: What do you look for in a port?

Topic of the Week

Topic of the Week: What do you look for in a port?

Kickstart a first-person space strategy game inspired by Star Trek: Flagship

Kickstart a first-person space strategy game inspired by Star Trek: Flagship

War Thunder update 1.43 okays air-to-ground assaults in new arcade mode

War Thunder update 1.43 okays air-to-ground assaults in new arcade mode

EverQuest Next will let NPC groups roam the map and dynamically determine quests

EverQuest Next will let NPC groups roam the map and dynamically determine quests

Smite picks up another Roman god: green-fingered tree-chap Sylvanus

Smite picks up another Roman god: green-fingered tree-chap Sylvanus

Pathologic reaches Kickstarter target; new stretch goal could fund a

Pathologic reaches Kickstarter target; new stretch goal could fund a "small prequel"

How Train Fever made money for its most feverish players

Train Fever

How Train Fever made money for its most feverish players

Watch Middle-Earth canon do backflips in Monolith's Shadow of Mordor trailer

Watch Middle-Earth canon do backflips in Monolith's Shadow of Mordor trailer

Say Hallow to Hearthstone's new Ranked Play Season card back

Say Hallow to Hearthstone's new Ranked Play Season card back

Cities Skylines gets down to to basics in infrastructure demo video

Cities Skylines gets down to to basics in infrastructure demo video

Dreamfall Chapters debuts on October 21st with its first episode: Reborn

Dreamfall Chapters debuts on October 21st with its first episode: Reborn

Port Inspection: Middle-Earth: Shadow of Mordor

Middle-earth: Shadow of Mordor

Port Inspection: Middle-Earth: Shadow of Mordor

Green Man Gaming to publish PC games in need as Green Man Loaded

Green Man Gaming to publish PC games in need as Green Man Loaded

Might & Magic Heroes Online launch sees turn-based tactics and MMO convention collide

Might & Magic Heroes Online launch sees turn-based tactics and MMO convention collide

Before the Fall Patch: long-awaited Battlefield 4 fixes due today on Origin

Before the Fall Patch: long-awaited Battlefield 4 fixes due today on Origin

Dragon Age: Inquisition character creation has outer and inner iris colour covered

Dragon Age: Inquisition character creation has outer and inner iris colour covered

Watch Dogs 2 will build on player's ability to

Watch Dogs 2 will build on player's ability to "humanise" NPCs through profiling