Security conference unearths Origin security vulnerability

MCV Staff 19th March 2013 Publishing

Attendees Amsterdam’s Black Hat security conference have discovered a security vulnerability in EA’s Origin client.

ArsTechnica reports that an attack using the loophole takes just seconds to execute” and can even be done without any interaction from the PC owning victim.

The weakness is similar to the one discovered in Steam last year and is based on systems that allow websites to boot games remotely. Tweaking the URLs used in this process can effectively issue instructions to a machine.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," a paper accompanying the demonstration explained.

"In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim’s system, which has Origin installed."

It should be stressed that there is no evidence that this loophole has been exploited in the real world.

An EA spokesman said that it is constantly updating the security of its platform, stating: "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."

Tags

About MCV Staff

Check Also

mi [Event news] The First Guild Wars Card Battler Coming to PC and Mobile

[Event news] The First Guild Wars Card Battler Coming to PC and Mobile

The beloved fantasy franchise Guild Wars expands into new territory with the announcement of a brand new free-to-play digital collectible card game (CCG), Mistbound. Officially licensed by ArenaNet, developed by NC, and globally published by bilibili, Mistbound marks the first CCG spin-off set within the Guild Wars universe. Designed around new multi-directional card movement mechanics, Mistbound aims to bring new energy to the traditional CCG universe and honor the legacy of Guild Wars for players. 

© Copyright 2026, MCV. BizMedia