Ubisoft has over 9,000 employees. Possibly becoming the world’s largest gaming company

InSynch is a gorgeous stop-motion animated music game out on 24 April

Let's talk about Thief's anti-open world

EA Origin exploit lets hackers hijack your PC, technically

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.

Now, while this exploit has been spotted it isn’t the most convenient thing to arrange from the hacker’s point of view. For one thing, many browsers will still detect the illegal action being performed and ask that you confirm you want to go to such and such address. So long as you read the address that you are being directed to and it’s a legitimate EA URL then you should be fine. Also, there’s the question of how a hacker can get to your Origin client to alter its URLs, something ReVuln don’t go into. So, as per usual, make sure you have your antivirus software up-to-date and don't go to any sites that are clearly shifty. You know the ones.

Thanks, Ars Technica.

 

Login or Register

Thief

Let's talk about Thief's anti-open world

Ubisoft has over 9,000 employees. Possibly becoming the world’s largest gaming company

InSynch is a gorgeous stop-motion animated music game out on 24 April

Garry’s Mod virus filled servers with sound of coughing

Here Be Dragons has you hunt down the monsters of the sea for Queen and country

Guild Wars’ ninth anniversary starts three weeks early because of typo

Indie

FTL: Advanced Edition transforms the spacefaring rogue-like into a mind control space circus

Starbound updates slowed while team moved to UK

None like it hot: How heat’s your worst enemy in Elite: Dangerous

Elder Scrolls Online duping bug is wrecking game economy. Zenimax shut down guild bank

JetGetters' Kickstarter cancelled as developer finds investor

Attack of the Artifacts heralds a "more monstery" Card Hunter - flush with angry antiques and tournament tactics

PCGamesN

Warlock 2: The Exiled review

Cortex Command updated with Steam Workshop, squad controls, and smarter AI

Blocky shooter Minimum leaves purgatory after being rescued by Atari

Alien: Isolation has one claw firmly stuck in 1979

Vrooming noises in new Grid game confirmed in teaser trailer

Sagas for everyone: Stoic and King settle trademark dispute

Indie

This way lies madness: Gaslamp Games and Clockwork Empires

The Mighty Quest for Epic Loot gets a bit more free for the weekend

One man and his dog: Risen 3 trailer is dark and reveals an August release date

New phishing scam puts your beloved Steam trading cards at risk

Moebius: Empire Rising review

Swedish politicians compete in StarCraft tournament to "remind youth that votes matter"