MCV/DEVELOP News, events, research and jobs from the games industry
Attendees Amsterdam’s Black Hat security conference have discovered a security vulnerability in EA’s Origin client.
ArsTechnica reports that an attack using the loophole takes just seconds to execute” and can even be done without any interaction from the PC owning victim.
The weakness is similar to the one discovered in Steam last year and is based on systems that allow websites to boot games remotely. Tweaking the URLs used in this process can effectively issue instructions to a machine.
"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," a paper accompanying the demonstration explained.
"In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim’s system, which has Origin installed."
It should be stressed that there is no evidence that this loophole has been exploited in the real world.
An EA spokesman said that it is constantly updating the security of its platform, stating: "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."
