EA Origin exploit lets hackers hijack your PC, technically | PCGamesN

Titanfall's "biggest update" is still ahead of it; expect details via Twitch today

Master of Draenor I'm pulling your strings: Metallica are playing at BlizzCon 2014

Epic's hosting an Unreal Engine game jam this weekend, so get tinkering

EA Origin exploit lets hackers hijack your PC, technically

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.

Now, while this exploit has been spotted it isn’t the most convenient thing to arrange from the hacker’s point of view. For one thing, many browsers will still detect the illegal action being performed and ask that you confirm you want to go to such and such address. So long as you read the address that you are being directed to and it’s a legitimate EA URL then you should be fine. Also, there’s the question of how a hacker can get to your Origin client to alter its URLs, something ReVuln don’t go into. So, as per usual, make sure you have your antivirus software up-to-date and don't go to any sites that are clearly shifty. You know the ones.

Thanks, Ars Technica.

 

Login or Register
Alienware - Game VictoriousNvidia Shield - Titanfall
Putting on the deerstalker and becoming Sherlock Holmes in Crimes and Punishments

Sherlock Holmes: Crimes and Punishments

Putting on the deerstalker and becoming Sherlock Holmes in Crimes and Punishments

Titanfall's

Titanfall's "biggest update" is still ahead of it; expect details via Twitch today

Master of Draenor I'm pulling your strings: Metallica are playing at BlizzCon 2014

Master of Draenor I'm pulling your strings: Metallica are playing at BlizzCon 2014

Epic's hosting an Unreal Engine game jam this weekend, so get tinkering

Epic's hosting an Unreal Engine game jam this weekend, so get tinkering

Paranautical Activity developer steps down after threatening Gabe Newell

Paranautical Activity developer steps down after threatening Gabe Newell

It will never end: Assassin's Creed Chronicles will be a series

It will never end: Assassin's Creed Chronicles will be a series

Topic of the Week: What games are you looking forward to in 2015?

Topic of the Week

Topic of the Week: What games are you looking forward to in 2015?

Middle-earth: Shadow of Mordor free DLC lets you dress all in black and laugh in the face of poison

Middle-earth: Shadow of Mordor free DLC lets you dress all in black and laugh in the face of poison

Counter-Strike: Global Offensive eSports team ALSEN accused of match fixing

Counter-Strike: Global Offensive eSports team ALSEN accused of match fixing

Ubisoft’s Jade Raymond leaves to “pursue my other ambitions and new opportunities”

Ubisoft’s Jade Raymond leaves to “pursue my other ambitions and new opportunities”

Dark Souls' Games for Windows Live refugees can play on Steam from November

Dark Souls' Games for Windows Live refugees can play on Steam from November

Riot approve two third-party apps for League of Legends: Curse Voice and Razer Comms

Riot approve two third-party apps for League of Legends: Curse Voice and Razer Comms

Rodina is No Man's Sky on a budget

Rodina

Rodina is No Man's Sky on a budget

Team Fortress 2 now lets players treat themselves to an early Halloween

Team Fortress 2 now lets players treat themselves to an early Halloween

Uber cancels its Human Resources Kickstarter:

Uber cancels its Human Resources Kickstarter: "We simply don’t have the human resources"

Play Civilization V for free while you pre-load Beyond Earth

Play Civilization V for free while you pre-load Beyond Earth

In The Evil Within, even gods can be decapitated

In The Evil Within, even gods can be decapitated

Fighting the inevitable in Stardock's Sorcerer King

Sorcerer King™

Fighting the inevitable in Stardock's Sorcerer King

Far Cry 4 will let you fight yetis, but only if you have the season pass

Far Cry 4 will let you fight yetis, but only if you have the season pass

Prepare for BlizzCon 2014 by joining a Hearthstone or StarCraft II fantasy league

Prepare for BlizzCon 2014 by joining a Hearthstone or StarCraft II fantasy league

Dragon Age: Inquisition - Catching up with Cassandra

Dragon Age: Inquisition - Catching up with Cassandra

1m Space Engineers copies sold thanks to developer’s use of blood magic

1m Space Engineers copies sold thanks to developer’s use of blood magic

Clockwork Empire update means stew no longer requires eyes to boil

Clockwork Empire update means stew no longer requires eyes to boil