Hacker Tavis Ormandy has discovered a serious vulnerability in a well-known PC game DRM system. The Google engineer said that after buying a game from Ubisoft he became aware that its "Uplay" browser plug-in might prove problematic. In the early hours of this morning Ormandy confirmed that the add-on allows remote and "wide access" to machines running the DRM, potentially giving malicious attackers free reign to wreak havoc.
According to hacker/researcher Tavis Ormandy, the Uplay DRM system designed and operated by Ubisoft could be opening up the company’s customers’ machines to a whole world of hurt.
“While on vacation recently I bought a video game called ‘Assassin’s Creed Revelations’. I didn’t have much of a chance to play it, but it seems fun so far,” Ormandy wrote on the Full Disclosure mailing list yesterday.
“However, I noticed the installation procedure creates a browser plugin for its accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites. I don’t know if it’s by design, but I thought I’d mention it here in case someone else wants to look into it.”
Just 24 hours later Ormandy was back with a worrying update.
“I got it working,” he wrote. “I submitted it to Ubisoft via the online form.”
What Ormandy appears to be suggesting is that once hackers understand how this vulnerability works, websites could incorporate an exploit into their designs which could then allow them to gain access to a Ubisoft game-player’s PC. The sky’s the limit with this kind of opening – software installs, keyloggers, bots or other malware all become possible.