EA Origin exploit lets hackers hijack your PC, technically | PCGamesN

Telltale's Game of Thrones appears on Steam for pre-purchase; coming this December

Layoffs hit Double Fine as unannounced project deal falls through

Civilization Online trailer shows time-lapse of players building Paris, before nuking it

EA Origin exploit lets hackers hijack your PC, technically

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.

Now, while this exploit has been spotted it isn’t the most convenient thing to arrange from the hacker’s point of view. For one thing, many browsers will still detect the illegal action being performed and ask that you confirm you want to go to such and such address. So long as you read the address that you are being directed to and it’s a legitimate EA URL then you should be fine. Also, there’s the question of how a hacker can get to your Origin client to alter its URLs, something ReVuln don’t go into. So, as per usual, make sure you have your antivirus software up-to-date and don't go to any sites that are clearly shifty. You know the ones.

Thanks, Ars Technica.

 

Login or Register
Alienware - Game VictoriousTurtle Beach
World of Warcraft: Warlords of Draenor review in progress

World of Warcraft: Warlords of Draenor

World of Warcraft: Warlords of Draenor review in progress

Telltale's Game of Thrones appears on Steam for pre-purchase; coming this December

Telltale's Game of Thrones appears on Steam for pre-purchase; coming this December

Layoffs hit Double Fine as unannounced project deal falls through

Layoffs hit Double Fine as unannounced project deal falls through

Civilization Online trailer shows time-lapse of players building Paris, before nuking it

Civilization Online trailer shows time-lapse of players building Paris, before nuking it

Blizzard revert World of Warcraft dungeon loot changes after overwhelming fan feedback

Blizzard revert World of Warcraft dungeon loot changes after overwhelming fan feedback

Evolve won't charge players for its DLC maps; other DLC won't restrict matchmaking either

Evolve won't charge players for its DLC maps; other DLC won't restrict matchmaking either

Yogscast’s Jingle Jam streams for charity all this December

Yogscast

Yogscast’s Jingle Jam streams for charity all this December

The Game Awards 2014 announces fan and jury nominees and categories

The Game Awards 2014 announces fan and jury nominees and categories

Chivalry isn't dead - Chivalry: Medieval Warfare is free for the weekend

Chivalry isn't dead - Chivalry: Medieval Warfare is free for the weekend

EVE Online's

EVE Online's "This is EVE" trailer uses player voice comms to capture the MMO

Metal Gear Solid 5 screenshots compare the PC and PS4 versions of Snake's bottom

Metal Gear Solid 5 screenshots compare the PC and PS4 versions of Snake's bottom

Blow up spaceships in the name of trade in Wayward Terran Frontier: Zero Falls

Blow up spaceships in the name of trade in Wayward Terran Frontier: Zero Falls

Port Review - Far Cry 4

Far Cry 4

Port Review - Far Cry 4

Korean RPG Lost Ark Online looks even more ambitious in the new extended trailer

Korean RPG Lost Ark Online looks even more ambitious in the new extended trailer

Middle-earth: Shadow of Mordor gets another free skin and a new challenge mode

Middle-earth: Shadow of Mordor gets another free skin and a new challenge mode

Dota 2 Nemesis Assassin event paints targets on hero heads

Dota 2 Nemesis Assassin event paints targets on hero heads

Frontier rethink refund policy for those that wanted an offline mode in Elite: Dangerous

Frontier rethink refund policy for those that wanted an offline mode in Elite: Dangerous

Gin and jungling: Snoop Dogg supports fan petition for Dota 2 announcer pack

Gin and jungling: Snoop Dogg supports fan petition for Dota 2 announcer pack

Port Review - Dragon Age: Inquisition

Dragon Age 3: Inquisition

Port Review - Dragon Age: Inquisition

MiniDayZ is a free top-down fan project with the backing of Bohemia

MiniDayZ is a free top-down fan project with the backing of Bohemia

Telltale's Game of Thrones gets a teaser trailer filled with Cersei snark

Telltale's Game of Thrones gets a teaser trailer filled with Cersei snark

Rome II gets four new Greek and Gallic factions today, and one of them is free

Rome II gets four new Greek and Gallic factions today, and one of them is free

There's a new sheriff in town: Valve updates its Steam Early Access rules and guidelines

There's a new sheriff in town: Valve updates its Steam Early Access rules and guidelines

Mechin' around: NCSoft unveils Project HON

Mechin' around: NCSoft unveils Project HON