EA Origin exploit lets hackers hijack your PC, technically | PCGamesN

Sword Coast Legends' party of adventurers finally face the Dungeon Master

Weekend Deal Dump: 2K and Sega fight to the death

Elite: Dangerous is putting on an in-game scavenger hunt for Nvidia Titan Blacks

EA Origin exploit lets hackers hijack your PC, technically

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.

Now, while this exploit has been spotted it isn’t the most convenient thing to arrange from the hacker’s point of view. For one thing, many browsers will still detect the illegal action being performed and ask that you confirm you want to go to such and such address. So long as you read the address that you are being directed to and it’s a legitimate EA URL then you should be fine. Also, there’s the question of how a hacker can get to your Origin client to alter its URLs, something ReVuln don’t go into. So, as per usual, make sure you have your antivirus software up-to-date and don't go to any sites that are clearly shifty. You know the ones.

Thanks, Ars Technica.

 

Login or Register
Try these free to play games
?

These are affiliate links - clicking them and playing the games directly supports PCGamesN

Spotlight
?

Our Spotlight units plug content our journalists have made, that our advertisers want to promote. Sometimes the promotion is paid for, but the content they go to is always independent with no client oversight or approval.


Alienware - Game VictoriousTurtle Beach
Weekend Deal Dump: 2K and Sega fight to the death

Weekend Deal Dump

Weekend Deal Dump: 2K and Sega fight to the death

Sword Coast Legends' party of adventurers finally face the Dungeon Master

Sword Coast Legends' party of adventurers finally face the Dungeon Master

Elite: Dangerous is putting on an in-game scavenger hunt for Nvidia Titan Blacks

Elite: Dangerous is putting on an in-game scavenger hunt for Nvidia Titan Blacks

Hearthstone: Blackrock Mountain: all the spoiled cards so far

Hearthstone: Blackrock Mountain: all the spoiled cards so far

Oculus VR's chief scientist is a big fan of The Matrix and that's scary for many reasons

Oculus VR's chief scientist is a big fan of The Matrix and that's scary for many reasons

Hearthstone's Blackrock Mountain expansion launches next week

Hearthstone's Blackrock Mountain expansion launches next week

Ashes of the Singularity is an RTS where getting across the largest map takes an hour

Ashes of the Singularity

Ashes of the Singularity is an RTS where getting across the largest map takes an hour

The 20 best RPGs on PC

The 20 best RPGs on PC

Galactic Civilization 3's beta 5 update adds space bugs from the future and pirates

Galactic Civilization 3's beta 5 update adds space bugs from the future and pirates

Tights at the ready: Infinite Crisis launches on Steam

Tights at the ready: Infinite Crisis launches on Steam

Codemasters announce F1 2015, throw-in the 2014 season... almost like F1 2014 never happened

Codemasters announce F1 2015, throw-in the 2014 season... almost like F1 2014 never happened

Pillars of Eternity is out now, so here's a dramatic launch trailer

Pillars of Eternity is out now, so here's a dramatic launch trailer

Having Lots of Sex With Men in Videogames: Part Two

Coming Out On Top

Having Lots of Sex With Men in Videogames: Part Two

Half-Life 2 is getting a community-made patch tomorrow; updates visuals and squashes bugs

Half-Life 2 is getting a community-made patch tomorrow; updates visuals and squashes bugs

Alienware Alpha review: why you should wait for the real Steam Machine

Alienware Alpha review: why you should wait for the real Steam Machine

Hands on with the Dirty Bomb closed beta

Hands on with the Dirty Bomb closed beta

GOG reaffirms their refund policy:

GOG reaffirms their refund policy: "Hitting 'Buy' doesn't waive your rights"

Pillars of Eternity review

Pillars of Eternity review

The 101 Best Free PC Games

Free games

The 101 Best Free PC Games

Total War: Attila's Blood and Burning DLC trailer would make even Tarantino sweat

Total War: Attila's Blood and Burning DLC trailer would make even Tarantino sweat

Evolve's Behemoth monster adds some rock and roll to the hunt

Evolve's Behemoth monster adds some rock and roll to the hunt

Try your luck with Square Enix's Easter Surprise; five mystery Steam games for £3.99

Try your luck with Square Enix's Easter Surprise; five mystery Steam games for £3.99

Minecraft is being distributed to every secondary school in Northen Ireland, for free

Minecraft is being distributed to every secondary school in Northen Ireland, for free

League of Legends patch 5.6 is full of buffed, and ultimately happier, champions

League of Legends patch 5.6 is full of buffed, and ultimately happier, champions