EA's Troubles Keep Getting Worse: Big Security Flaw Discovered In Origin Platform
from the another-day,-another... dept
Perhaps the timing is a coincidence, but following the absolutely disastrous SimCity launch, in which EA's focus on DRM seemed to get in the way of actually making a product that works, it's been announced that CEO John Riccitiello is stepping down at the end of the month. This is clearly not a planned succession situation, because the company's former CEO, Larry Probst, who ran EA from 1991 until 2007, when he handed it over to Riccitiello, is taking over as interim CEO as they search for a real replacement. Perhaps they should look for someone who recognizes that providing a good product that people want to support is a better goal than "stopping piracy." Just a suggestion.
Of course, they may also have bigger issues to deal with. Rich Kulawiec was the first of a few of you to submit the news that researchers have demonstrated a pretty big security vulnerability in EA's Origin platform (the company's Steam competitor), which can be used to exploit local vulnerabilities on the computers of about 40 million Origin users. If you'd like to see the hack in action, there's a nice video.
Reader Comments
Gotta love how our system works. You show a company that it has a security hole in their software, and instead of thanking you for exposing it so it can be fixed, they crucify you.
[ link to this | view in thread ]
All I heard was:
ka-ching
fwoosh
"So long suckers!"
(that's the sound of a bonus being cashed in, a golden parachute being deployed and a CEO agonizing about the fact that he's been fired).
[ link to this | view in thread ]
http://arstechnica.com/security/2013/03/bug-on-eas-origin-game-platform-allows-attackers-to-hijack-player-pcs/
[ link to this | view in thread ]
I saw this presented live at Black Hat
There was much applause.
Also, it should be mentioned that Revuln did a similar stunt against Steam, pointing out that a three-and-a-half-year-old exploit _still_ isn't patched for most games on Steam.
In any case, the sploits depend on making the victim click a link on the attacker's web page that opens Steam and Origin, respectively, so there is some manual action required for pwnage. Still, I understand there are plenty of such links around with the effect of "join my clan" etc.
Short version of how the exploit works is that it forces a game update from another server than the official one. Some games even allow this update server to be supplied on the command line (!) and thus, once you have a URL with the command line to start, the rest is a matter of working around a few input sanitizers. In short, it's broken by design and a few checks won't help much.
Cheers,
Rick
[ link to this | view in thread ]
Re:
http://arstechnica.com/security/2012/10/steam-vulnerability-can-lead-to-remote-insertion-of-malicious-code/
[ link to this | view in thread ]
Re: I saw this presented live at Black Hat
Huh...I wish that my gaming computer was still up and running. I'd totally mod the opening sequence in Skyrim to be about that.
[ link to this | view in thread ]
We shall Forget you even existed....
[ link to this | view in thread ]
Saying it's worse is like saying a flat tire is worse because someone stuck a nail in it.
The only way to fix the problem is to change it.
I don't see that happening, even as the CEO bails while pulling on his golden parachute rip cord.
[ link to this | view in thread ]
Re: Re:
Wow, you'd never guess it from the way he keeps on blowing his own horn all the time ad infi-fuckin-nitum
[ link to this | view in thread ]
Re:
"Not all Web users are equally at risk to these kinds of attacks. Browsers such as Chrome and Internet Explorer present users with an explicit warning when they click a Steam link, telling them they're about to open or use an external program, and Firefox asks users for confirmation (without explicitly warning of potential vulnerability). Browsers including Apple's Safari and Webkit, though, allow Steam URLs to launch the program without any warnings, letting a potential attack go completely unnoticed. Many browsers that provide prompts or warnings by default can be configured to suppress them, so it's possible attacks might work more widely, Ferrante said."
[ link to this | view in thread ]
Re:
EA will now die within the next five years. Bank on it.
[ link to this | view in thread ]
Re:
I can guess I can answer my own question with "No Board of Directors really cares about long term viability, only their own paychecks".
[ link to this | view in thread ]
Re:
Charles Carreon has shown us that no matter how bad things get, you can always dig the hole you are in deeper.
[ link to this | view in thread ]
Note to self, make sure my computer deletes all of its contents if I ever try to install another EA game, as it'll be less frustrating than trying to play the EA game.
[ link to this | view in thread ]
Re:
"XCP.Sony.Rootkit installs a DRM executable as a Windows service, but misleadingly names this service "Plug and Play Device Manager", employing a technique commonly used by malware authors to fool everyday users into believing this is a part of Windows. Approximately every 1.5 seconds this service queries the primary executables associated with all processes running on the machine, resulting in nearly continuous read attempts on the hard drive. This has been shown to shorten the drive's lifespan.
Furthermore, XCP.Sony.Rootkit installs a device driver, specifically a CD-ROM filter driver, which intercepts calls to the CD-ROM drive. If any process other than the included Music Player (player.exe) attempts to read the audio section of the CD, the filter driver inserts seemingly random noise into the returned data making the music unlistenable.
XCP.Sony.Rootkit loads a system filter driver which intercepts all calls for process, directory or registry listings, even those unrelated to the Sony BMG application. This rootkit driver modifies what information is visible to the operating system in order to cloak the Sony BMG software. This is commonly referred to as rootkit technology. Furthermore, the rootkit does not only affect XCP.Sony.Rootkit's files. This rootkit hides every file, process, or registry key beginning with $sys$. This represents a vulnerability, which has already been exploited to hide World of Warcraft RING0 hacks as of the time of this writing, and could potentially hide an attacker's files and processes once access to an infected system had been gained."
While of a somewhat similar nature, XCP and Origin do not use the same code. So please, be more precise in the future.
[ link to this | view in thread ]
Re:
And all your browsers too.
And Windows actually.
[ link to this | view in thread ]
Re: Re:
Same guy who defended the use of Securom back in 2007 despite the proven problems it caused for paying customers.
Yadda, yadda. A disconnected CEO, color me unsurprised at anything except his resignation.
[ link to this | view in thread ]
Re: Re: Re:
Sign me up!
[ link to this | view in thread ]
Also, it's much, much, much more probable that people will try to screw you up if you act like an arsehole.
I feel this eerie pleasure from seeing EA getting owned.
[ link to this | view in thread ]
Re:
Let's not pretend that the utopia of being online and 100% safe even exists.
[ link to this | view in thread ]
Re: Re:
Oh good. We know that putting up a confirmation dialog before executing malicious code is almost completely effective. People don't get owned on a regular basis after clicking OK on a dialog they don't understand.
[ link to this | view in thread ]
Re:
"As we have demonstrated for Steam in our previous paper, Steam Browser Protocol Insecurity, almost the same design problem applies for Origin."
That isn't explicit enough?
[ link to this | view in thread ]