Ubisoft Uplay DRM security flaw might allow any website to take control of your PC


Speculation abounds that Ubisoft’s DRM tool Uplay may essentially give it the sort of deep-level access to your machine that allows any website to seriously compromise your PC and unleash all sorts of horror. “Ubisoft installs a backdoor that allows any website to take over your computer,” reads an alarming explanation on Ycombinator. If the accusations are on the money, the Uplay software affects most current Ubisoft games on PC, from Assassin’s Creed Revelations to Splinter Cell: Conviction. Be warned, while nothing terrible has happened yet, this is a potential security flaw that absolutely warrants a furrowed brow and a temporary uninstallation.

Ubisoft have yet to respond tothe reports. Our onlinesecurity expert, however, explained just what’s gone wrong with Uplay: “Essentially Ubisoft created a plugin that allows them to launch games from the browser. The executable being launched is encrypted with Base64, which obscures what’s launching, so all a malicious third-party has to do is encode whatever executable they want to launch on your PC in Base64, replace a part of Ubisoft’s code and then embed this into any web page. When you visit that web page, it launches this unknown executable, which could be harmful. This is obviously a massive security threat.”

This exploit uses Uplay’s browser plugin rather than the Uplay client itself, seemingly. Temporarily removing said plugin until such time as Ubisoft update the service would be wise. As for whether this is sort of backdoor access was part of some kind of sinister Ubisoft master plan? “No, I don’t believe Ubisoft created this deliberately, I believe the person who coded this was just lazy or not particularly security-conscious.”

Here’s afull list of games currently bundled with Uplay software:

Assassin’s Creed II,Assassin’s Creed: Brotherhood,Assassin’s Creed: Project Legacy,Assassin’s Creed Revelations,Beowulf: The Game,Call of Juarez: The Cartel,Driver: San Francisco,Heroes of Might and Magic VI,Just Dance 3,Prince of Persia: The Forgotten Sands,Pure Football,R.U.S.E.,Shaun White Skateboarding,Silent Hunter 5: Battle of the Atlantic,The Settlers 7: Paths to a Kingdom,Tom Clancy’s H.A.W.X. 2,Tom Clancy’s Ghost Recon: Future Soldier,Tom Clancy’s Splinter Cell: Conviction,Your Shape: Fitness Evolved

We’ve contacted Ubisoft for comment, and will report back with any updates.