Quantcast
Posted by Chuck Corbin on Mar 20, 2013

EA’s Origin Service Contains Security Exploit

Will the problems never end for the beleaguered Origin platform? Last week at the Black Hat security conference in Amsterdam it was revealed that Origin has a security vulnerability that would allow attackers to easily compromise an end user’s machine. From what I can tell the attack isn’t even that difficult to pull off.

The exploit is performed by using Origin’s uniform resource identifier to download and install malicious software. What happens is that a person can click on a link through their web browser to start a game, but instead of actually starting the game the malicious code is downloaded and installed onto the computer. You can avoid this type of an attack by opening up Origin and running the game from there, but that might not stop some attackers from trying to entice you to click on their URI link in order to open up your computer.

Now before you get all cocky and say “Well this would never happen on Steam!” keep in mind that a similar exploit was discovered last year by the same people. That attack worked by booby-trapping URLs that started with “Steam://”. However, the temporary fix for it was rather easy: all you had to do to keep yourself protected was to disable the automatic launching of Steam:// URLs.

Source

Post a Comment