EA Origin exploit lets hackers hijack your PC, technically | PCGamesN

Rek'Sai is League of Legends' newest champion; she's underground, so you've probably never heard of her

Solve your own nautical murder in Why Am I Dead At Sea

Distance, the neon-soaked survival racer, is launching on Steam Early Access next month

EA Origin exploit lets hackers hijack your PC, technically

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.

Now, while this exploit has been spotted it isn’t the most convenient thing to arrange from the hacker’s point of view. For one thing, many browsers will still detect the illegal action being performed and ask that you confirm you want to go to such and such address. So long as you read the address that you are being directed to and it’s a legitimate EA URL then you should be fine. Also, there’s the question of how a hacker can get to your Origin client to alter its URLs, something ReVuln don’t go into. So, as per usual, make sure you have your antivirus software up-to-date and don't go to any sites that are clearly shifty. You know the ones.

Thanks, Ars Technica.

 

Login or Register
Alienware - Game VictoriousTurtle Beach
Topic of the Week: What are you playing now, and what have you left on the back burner?

Topic of the Week

Topic of the Week: What are you playing now, and what have you left on the back burner?

Rek'Sai is League of Legends' newest champion; she's underground, so you've probably never heard of her

Rek'Sai is League of Legends' newest champion; she's underground, so you've probably never heard of her

Solve your own nautical murder in Why Am I Dead At Sea

Solve your own nautical murder in Why Am I Dead At Sea

Distance, the neon-soaked survival racer, is launching on Steam Early Access next month

Distance, the neon-soaked survival racer, is launching on Steam Early Access next month

Good news, everyone: The World of Warcraft Blood Elf makeover is in progress

Good news, everyone: The World of Warcraft Blood Elf makeover is in progress

Batman and his best bud head to Ace Chemicals in new Arkham Knight footage

Batman and his best bud head to Ace Chemicals in new Arkham Knight footage

Armored Warfare’s co-op campaign is something World of Tanks sorely lacks

Armored Warfare

Armored Warfare’s co-op campaign is something World of Tanks sorely lacks

Activision is placing copyright strikes on Call of Duty Advanced Warfare videos showing cheats and/or glitches

Activision is placing copyright strikes on Call of Duty Advanced Warfare videos showing cheats and/or glitches

The Binding of Isaac developer turns to community for expansion pack ideas

The Binding of Isaac developer turns to community for expansion pack ideas

Nvidia Shield comes with games and Nvidia Grid this Black Friday

Nvidia Shield comes with games and Nvidia Grid this Black Friday

Evolve DLC maps will be free and you can play alongside players who’ve bought new hunters

Evolve DLC maps will be free and you can play alongside players who’ve bought new hunters

Dark Souls II to re-release with ‘Scholar of the First Sin’ edition, bundled with DLC

Dark Souls II to re-release with ‘Scholar of the First Sin’ edition, bundled with DLC

Fraser and Matt have a little chat about Far Cry 4

Far Cry 4

Fraser and Matt have a little chat about Far Cry 4

Far Cry 4’s director given go-ahead by Ubisoft for a personal project

Far Cry 4’s director given go-ahead by Ubisoft for a personal project

Steam Gifts rules have been changed to protect you from swindlers

Steam Gifts rules have been changed to protect you from swindlers

Total War: Attila invades Rome in February

Total War: Attila invades Rome in February

Shroud of the Avatar's pre-alpha launches on Steam Early Access

Shroud of the Avatar's pre-alpha launches on Steam Early Access

A capital ship invaded the Elite: Dangerous premiere

A capital ship invaded the Elite: Dangerous premiere

Tales from the Borderlands: Zer0 Sum PC review

Tales from the Borderlands

Tales from the Borderlands: Zer0 Sum PC review

After

After "winding down" earlier in the year, Irrational Games starts hiring again

Way of Life is Crusader Kings II's roleplaying expansion

Way of Life is Crusader Kings II's roleplaying expansion

You'll be able to put an Alienware Alpha in your living room next month

You'll be able to put an Alienware Alpha in your living room next month

World of Warcraft: Warlords of Draenor review in progress

World of Warcraft: Warlords of Draenor review in progress

Making it in Unreal: How Daylight survived public pressure and became the very first UE4 game

Making it in Unreal: How Daylight survived public pressure and became the very first UE4 game