1 min read

Origin Flaw Puts Millions of Players at Risk, Report Finds

Loredana BOTEZATU

March 19, 2013

Origin Flaw Puts Millions of Players at Risk, Report Finds

A newly discovered flaw in the Origin distribution platform could allow cyber-criminals to install malware on machines regardless of the operating system.

The technique was documented in a paper by security researchers Luigi Auriemma and Donato Ferranta presented at the BlackHat conference in Amsterdam. This is the same team of researchers who found a similar vulnerability in the Steam browser protocol last October.

Image credit: Origin

The Origin Game store is run by Electronic Arts and is the de-facto distribution platform for highly popular games such as Assassin`s Creed, SimCity, Battlefield 3 and Crysis 3. To enjoy such games, the customer needs to install the Origin client that is in charge of digital rights management.

The game is launched by the Origin process with a series of arguments (parameters). This is possible because the Origin client registers its own protocol that starts with origin://. This way, an attacker can craft a malicious URL and post it to gaming-related forums. As the user clicks this link, the Origin client is instructed to include a malicious payload from a remote server and run it along with an Origin game that they have installed.

“In fact, an attacker can remotely compromise millions of systems in a very silent and undetected way, by exploiting any possible local issue or feature exposed by any of the games available on Origin. As the root cause is a design problem of the platform itself, the best protection for Origin users (at the moment) is to disable the origin:// URI handler,” the researchers wrote in the paper.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FBI Warns that Tokyo 2020 Summer Olympics Is Prime Target for Cyberattacks FBI Warns that Tokyo 2020 Summer Olympics Is Prime Target for Cyberattacks
Silviu STAHIE

July 27, 2021

1 min read
Patch your iPhones and Macs against "actively exploited" zero-day right now Patch your iPhones and Macs against "actively exploited" zero-day right now
Graham CLULEY

July 27, 2021

2 min read
Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read