+ Post New Thread
Results 1 to 3 of 3
Gaming Thread, Ubisoft DRM Lets Remote Attackers In in Fun Stuff; The U-Play v2.0.4 patch can be downloaded from Ubisoft's forums if you made the mistake of buying one of their ...
  1. #1


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,793
    Thank Post
    262
    Thanked 2,964 Times in 2,179 Posts
    Rep Power
    846

    Ubisoft DRM Lets Remote Attackers In

    The U-Play v2.0.4 patch can be downloaded from Ubisoft's forums if you made the mistake of buying one of their games (listed below).

    Sources: Torrent Freak / SecLists

    Hacker Tavis Ormandy has discovered a serious vulnerability in a well-known PC game DRM system. The Google engineer said that after buying a game from Ubisoft he became aware that its "Uplay" browser plug-in might prove problematic. In the early hours of this morning Ormandy confirmed that the add-on allows remote and "wide access" to machines running the DRM, potentially giving malicious attackers free reign to wreak havoc.

    According to hacker/researcher Tavis Ormandy, the Uplay DRM system designed and operated by Ubisoft could be opening up the company’s customers’ machines to a whole world of hurt.

    “While on vacation recently I bought a video game called ‘Assassin’s Creed Revelations’. I didn’t have much of a chance to play it, but it seems fun so far,” Ormandy wrote on the Full Disclosure mailing list yesterday.

    “However, I noticed the installation procedure creates a browser plugin for its accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites. I don’t know if it’s by design, but I thought I’d mention it here in case someone else wants to look into it.”

    Just 24 hours later Ormandy was back with a worrying update.

    “I got it working,” he wrote. “I submitted it to Ubisoft via the online form.”

    What Ormandy appears to be suggesting is that once hackers understand how this vulnerability works, websites could incorporate an exploit into their designs which could then allow them to gain access to a Ubisoft game-player’s PC. The sky’s the limit with this kind of opening – software installs, keyloggers, bots or other malware all become possible.
    • Anno 2070
    • Assassin's Creed II
    • Assassin's Creed: Brotherhood
    • Assassin's Creed: Project Legacy
    • Assassin's Creed Revelations
    • Assassin's Creed III
    • Beowulf: The Game
    • Brothers in Arms: Furious 4
    • Call of Juarez: The Cartel
    • Driver: San Francisco
    • From Dust
    • Heroes of Might and Magic VI
    • Just Dance 3
    • Prince of Persia: The Forgotten Sands
    • Pure Football
    • R.U.S.E.
    • Shaun White Skateboarding
    • Silent Hunter 5: Battle of the Atlantic
    • The Settlers 7: Paths to a Kingdom
    • Tom Clancy's H.A.W.X. 2
    • Tom Clancy's Ghost Recon: Future Soldier
    • Tom Clancy's Splinter Cell: Conviction
    • Your Shape: Fitness Evolved

  2. #2
    CAM
    CAM is offline

    CAM's Avatar
    Join Date
    Mar 2008
    Location
    Reigate Area, Surrey
    Posts
    4,425
    Thank Post
    884
    Thanked 416 Times in 316 Posts
    Blog Entries
    61
    Rep Power
    328
    Yikes! I nearly bought some of those titles in the Steam sale!

  3. #3


    Join Date
    Feb 2007
    Location
    51.403651, -0.515458
    Posts
    9,793
    Thank Post
    262
    Thanked 2,964 Times in 2,179 Posts
    Rep Power
    846
    I refuse to buy any Ubisoft games due to their stance on DRM. They treat their customers like



SHARE:
+ Post New Thread

Similar Threads

  1. Problem with Remote Access in server 2008
    By sparker in forum Windows Server 2008
    Replies: 0
    Last Post: 20th February 2012, 02:50 PM
  2. Remote Controls in Classrooms
    By techman in forum Physical Security
    Replies: 4
    Last Post: 12th September 2011, 11:27 AM
  3. Replies: 1
    Last Post: 11th July 2008, 10:59 AM
  4. Let me in! I want to work!
    By m2d2 in forum General Chat
    Replies: 20
    Last Post: 22nd December 2007, 12:00 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •