A flaw in EA's Origin game store puts its 40 million or so users at risk of remote execution vulnerabilities
The vulnerability was described by security researchers Luigi Auriemma and Donato Ferranta of ReVuln, in a paper released on Saturday.
Origin is the distribution platform behind just-launched SimCity, along with other popular EA games such as Crysis 3. It lets EA roll out updates to its games, sell titles, and also provides DRM capabilities by authenticating players' games.
But the way the software authorizes players can also be used to hijack computers and install malicious software, the researchers found.
"The Origin platform allows malicious users to exploit local vulnerabilities or features, by abusing the Origin URI handling mechanism," they write. "In other words, an attacker can craft a malicious internet link to execute malicious code remotely on victim’s system, which has Origin installed.
Origin works by using uniform resource identifiers (URIs) to authenticate and initiate games on players' machines. The attack works by spoofing the URI via an URL on a third-party website, so that when a person clicks it, Origin silently opens and loads a file onto the users' machine.
In a demonstration at the Black Hat Security Conference in Amsterdam on Friday, the researchers showed that the exploit could be used to load a Windows dynamic link library file onto the machines. However, because Origin functions on multiple platforms, the exploit works on other systems as well, they say.
A possible fix for the flaw is to disable URLs prefaced with "origin://" via software such as the urlprotocolview, but this will also render useless any desktop shortcuts for Origin games.
At the time of writing, EA had not responded to our requests for further information. This news comes alongside the abrupt departure of EA chief executive John Riccitiello. ®