EA Origin exploit lets hackers hijack your PC, technically | PCGamesN

Final Fantasy XIV London Fanfest reveals EU servers, flying mounts and Dark Knight job

Spooky Races: Project CARS gets a Halloween trailer

First blood in the World of Warcraft Arena World Championship will be shed next week

EA Origin exploit lets hackers hijack your PC, technically

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.

Now, while this exploit has been spotted it isn’t the most convenient thing to arrange from the hacker’s point of view. For one thing, many browsers will still detect the illegal action being performed and ask that you confirm you want to go to such and such address. So long as you read the address that you are being directed to and it’s a legitimate EA URL then you should be fine. Also, there’s the question of how a hacker can get to your Origin client to alter its URLs, something ReVuln don’t go into. So, as per usual, make sure you have your antivirus software up-to-date and don't go to any sites that are clearly shifty. You know the ones.

Thanks, Ars Technica.

 

Login or Register
Alienware - Game VictoriousNvidia Shield - Titanfall
Guild Wars 2: Tyria prepares for war with the return of the Living World Season 2

Guild Wars 2

Guild Wars 2: Tyria prepares for war with the return of the Living World Season 2

Final Fantasy XIV London Fanfest reveals EU servers, flying mounts and Dark Knight job

Final Fantasy XIV London Fanfest reveals EU servers, flying mounts and Dark Knight job

Spooky Races: Project CARS gets a Halloween trailer

Spooky Races: Project CARS gets a Halloween trailer

First blood in the World of Warcraft Arena World Championship will be shed next week

First blood in the World of Warcraft Arena World Championship will be shed next week

Dark Souls 2 is the Golden Joystick Awards' Game of the Year

Dark Souls 2 is the Golden Joystick Awards' Game of the Year

League of Legends is close to making $1 billion from microtransactions this year

League of Legends is close to making $1 billion from microtransactions this year

Stockholm Syndrome: Why Scandinavia loves DreamHack

Hearthstone: Heroes of Warcraft

Stockholm Syndrome: Why Scandinavia loves DreamHack

Outlast 2 is in development; stock up on clean underwear

Outlast 2 is in development; stock up on clean underwear

Those crazy system requirements for Assassin's Creed Unity have been confirmed by Ubisoft

Those crazy system requirements for Assassin's Creed Unity have been confirmed by Ubisoft

The Witcher 3's opening cinematic shows why you don't get into staring contests with crows

The Witcher 3's opening cinematic shows why you don't get into staring contests with crows

Football Manager 2014 has been played for 23,000 years, and that’s not including the pirates

Football Manager 2014 has been played for 23,000 years, and that’s not including the pirates

Phonopath turns you into an audio codebreaker

Phonopath turns you into an audio codebreaker

Civilization: Beyond Earth review

Civilization: Beyond Earth

Civilization: Beyond Earth review

Shelter 2 trailer makes survival look gorgeous while being totally harrowing

Shelter 2 trailer makes survival look gorgeous while being totally harrowing

Flak in the USSR: World of Warplanes 1.6 introduces new Russian jets, more airspace

Flak in the USSR: World of Warplanes 1.6 introduces new Russian jets, more airspace

Codemasters' Toybox Turbos offers kitchen table careening in the mode of Micro Machines

Codemasters' Toybox Turbos offers kitchen table careening in the mode of Micro Machines

Riot chase down League of Legends hackers;

Riot chase down League of Legends hackers; "Every player to trigger this exploit will be punished"

Blizzard to deploy Australian servers for World of Warcraft ahead of Warlords of Draenor

Blizzard to deploy Australian servers for World of Warcraft ahead of Warlords of Draenor

Warframe Archwing update turns you into a rocket-powered space ninja

Warframe

Warframe Archwing update turns you into a rocket-powered space ninja

What to do in Assassin's Creed Unity's Paris: Murder, stealing and a bit of detective work

What to do in Assassin's Creed Unity's Paris: Murder, stealing and a bit of detective work

Take a free weekend break in Arma 3

Take a free weekend break in Arma 3

WildStar's Carbine Studios loses over 60 staff in NCSoft

WildStar's Carbine Studios loses over 60 staff in NCSoft "restructuring"

Oddworld: New 'n' Tasty will come to PC

Oddworld: New 'n' Tasty will come to PC "as soon as possible", and a beta is being considered

Look at Dark Souls 2 through new eyes with the first-person mod

Look at Dark Souls 2 through new eyes with the first-person mod