The Air-Raid Siren Song of War Thunder

CCP producer wants to empower EVE Online players and bring in new ones

Something pew: Facepunch Studios is working on Riftlight, an arcade space shooter

EA Origin exploit lets hackers hijack your PC, technically

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.

Now, while this exploit has been spotted it isn’t the most convenient thing to arrange from the hacker’s point of view. For one thing, many browsers will still detect the illegal action being performed and ask that you confirm you want to go to such and such address. So long as you read the address that you are being directed to and it’s a legitimate EA URL then you should be fine. Also, there’s the question of how a hacker can get to your Origin client to alter its URLs, something ReVuln don’t go into. So, as per usual, make sure you have your antivirus software up-to-date and don't go to any sites that are clearly shifty. You know the ones.

Thanks, Ars Technica.

 

Login or Register
Alienware - Game VictoriousNvidia Shield - Titanfall
The Air-Raid Siren Song of War Thunder thumbmail

War Thunder

The Air-Raid Siren Song of War Thunder

CCP producer wants to empower EVE Online players and bring in new ones thumnnail

CCP producer wants to empower EVE Online players and bring in new ones

Something pew: Facepunch Studios is working on Riftlight, an arcade space shooter thumnnail

Something pew: Facepunch Studios is working on Riftlight, an arcade space shooter

Crysis averted: Crytek attributes recent problems to its transition from a developer to an online publisher  thumnnail

Crysis averted: Crytek attributes recent problems to its transition from a developer to an online publisher

Shadow Realms: BioWare teases a new game about losing your car keys thumnnail

Shadow Realms: BioWare teases a new game about losing your car keys

Middle-earth: Shadow of Mordor will endanger orcs a week early  thumnnail

Middle-earth: Shadow of Mordor will endanger orcs a week early

All Keys Gone: We’ve 6,666 ArcheAge beta codes burning a hole in our hull thumbmail

ArcheAge

All Keys Gone: We’ve 6,666 ArcheAge beta codes burning a hole in our hull

The Sims 4 minimum system requirements have been revealed, and they're very low thumnnail

The Sims 4 minimum system requirements have been revealed, and they're very low

Microsoft Flight Simulator X to be refueled with new updates post-Steam release thumnnail

Microsoft Flight Simulator X to be refueled with new updates post-Steam release

Fallout: New Vegas director thinks there's

Fallout: New Vegas director thinks there's "potential" in a Fallout MMO

2K are dropping BioShock hints like a burst water pipe thumnnail

2K are dropping BioShock hints like a burst water pipe

Overkill bolster Payday 2 Steam community with in-game stretch rewards thumnnail

Overkill bolster Payday 2 Steam community with in-game stretch rewards

How a quadriplegic ex-wrestler reached Gold in League of Legends thumbmail

League of Legends

How a quadriplegic ex-wrestler reached Gold in League of Legends

It is done: YouTube reported to have bought Twitch for $1 billion thumnnail

It is done: YouTube reported to have bought Twitch for $1 billion

Completely real: Get a first look at an Unreal Tournament map concept thumnnail

Completely real: Get a first look at an Unreal Tournament map concept

Gear Up hits beta: put guns on goo or make invisible spider tanks  thumnnail

Gear Up hits beta: put guns on goo or make invisible spider tanks

Free zombies: Inject some unlife into your weekend with Dead Island: Epidemic on Steam thumnnail

Free zombies: Inject some unlife into your weekend with Dead Island: Epidemic on Steam

What to expect from The Elder Scrolls Online's daedra-controlled Imperial City thumnnail

What to expect from The Elder Scrolls Online's daedra-controlled Imperial City

Some thoughts on Kerbal Space Program: First Contract thumbmail

Kerbal Space Program

Some thoughts on Kerbal Space Program: First Contract

The Often-Ending Story is a trope-addled choose your own adventure thumnnail

The Often-Ending Story is a trope-addled choose your own adventure

Aerna creators claim it's the largest and most detailed Minecraft server thumnnail

Aerna creators claim it's the largest and most detailed Minecraft server

Come in from the cold: Linux compatible games are all the rage at GOG.com thumnnail

Come in from the cold: Linux compatible games are all the rage at GOG.com

A British MP asked for in-game theft to be treated like real-world theft thumnnail

A British MP asked for in-game theft to be treated like real-world theft

The Last Express: Jordan Mechner remembers a different sort of war game on the centenary of its departure thumnnail

The Last Express: Jordan Mechner remembers a different sort of war game on the centenary of its departure