Ubisoft's uPlay DRM Security Flaw Leaves Gamers Open To Hackers

By William Usher 2012-07-30 11:14:37 discussion comments
fb share tweet share
(Update: According to a post on Neogaf, uPlay has been updated today and the rootkit exploit has been patched.)

As if you needed an added reason to hate DRM -- the only security prevention method that hinders legit consumers and rewards pirates -- Ubisoft's uPlay client has been put under the microscope and it turns out that there's a security loophole that makes gamers very vulnerable to a number of exploits. Of course, gamers with pirated copies of Ubisoft titles are 100% safe.

GameIndustry.biz is reporting on the incident that was discovered over at SecList. According to a security engineer named Travis Ormandy, he ran into the uPlay problem while on vacation, saying...
"While on vacation recently I bought a video game called 'Assassin's Creed Revelations'. I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for its accompanying UPlay launcher, which grants unexpectedly (at least to me) wide access to websites,"

I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it (I'm not really interested in video game security, I air-gap the machine I use to play games). A few minutes in IDA suggests this might work (untested):

x = document.createElement('OBJECT');
x.type = "application/x-uplaypc";
document.body.appendChild(x);
x.open("-orbit_product_id 1 -orbit_exe_path
QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode
-uplay_dev_mode_auto_play")

$ printf "C:\\WINDOWS\\SYSTEM32\\CALC.EXE" | base64
QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ==

If someone wants to investigate further, please feel free to do so.

Tavis.

His findings were later tested and re-tested by a number of other professionals, and according to CVG the uPlay browser's susceptibility to malware is quite high, however an IT expert states that a rootkit is not exposed.

The best bet for now is to disable the uPlay browser until Ubisoft gets it fixed, however a lot of gamers across the interwebs believe that Ubisoft probably won't fix it since they think 90% of PC gamers are pirates. In this regards, I'd have to suggest that people do pirate Ubisoft games in order to protect their PCs from hackers.

A list of Ubisoft's PC games that are affected by the uPlay browser and potentially puts your PC at risk are listed below. Can we finally get rid of DRM now or do we need more class-action lawsuits?

Assassin's Creed II
Assassin's Creed: Brotherhood
Assassin's Creed: Project Legacy
Assassin's Creed Revelations
Assassin's Creed III
Beowulf: The Game
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy's H.A.W.X. 2
Tom Clancy's Ghost Recon: Future Soldier
Tom Clancy's Splinter Cell: Conviction
Your Shape: Fitness Evolved
discussion
Blended From Around The Web
Subscribe To Topics You're Interested In
Comments
blog comments powered by Disqus
<
Back to top
GET GB IN YOUR FEED
RELATED
TOP GAMES
HOT TOPICS
ABOUT US FAQ PRIVACY POLICY JOBS APPS CONTACT
© Cinema Blend LLC / All rights reserved