UPDATED: Ubisoft DRM loophole allows remote hackers to access PCs

A potentially very serious issue with the PC DRM employed by Ubisoft seems to have left many gamers susceptible to hackers.

Rock Paper Shotgun reports that a problem with the Uplay/DRM infrastructure of a number of Ubisoft titles that allows websites to plant potentially malicious code onto the PCs of any visitors who have Uplay installed on their machines.

An attack using this method could easily be orchestrated by an email link. There have also been suggestions that the issue could in theory allow Ubisoft to omitor user’s machines.

This would be a serious breach of trust for any publishers, but for Ubisoft it’s a particularly damning blow. The company has already been beset with high-profile protests against its DRM, which can leave users unable to access single-player titles if technical problems occur.

This latest saga will certainly not help its case.

RPS is urging any gamers who have the following titles installed on their machine to uninstall both them and the Uplay applications as soon as possible. Here’s the list of games that are believed to be affected:

Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved

UPDATE: RPS now reports that the problem is with a browser plugin that Uplay places onto a user’s machine when it is installed. Removing this plugin prevents the issue from occurring.

About MCV Staff

Check Also

Gaining observability over multiplayer games – “Out-of-the-box observability gives you the ability to know what’s going on, but more importantly what is going wrong.”

Would you like increased transparency over the state of the backend systems as you launch and scale? [This content was created with Improbable]