Topic: Big Security Risk In Some Ubisoft PC Games

[Mr Kipling]

http://www.rockpapershotgun.com/2012/07/30/psa-possible-security-risk-in-some-ubisoft-pc-games/

Warning: Big Security Risk In Some Ubisoft PC Games

By Alec Meer on July 30th, 2012 at 11:30 am.


We’re currently investigating the full extent of this, but moralising and recrimination can come later. For now, the important thing is to warn folks who have certain Ubisoft games installed on their PCs that an apparent backdoor has been discovered in the Uplay infrastructure/DRM which may in theory allow any anyone so minded to install God knows what horrors on your PC. It isn’t confirmed as definite, but certainly proof of concept code is calling up Uplay windows and then loading other programs from websites that have nothing to do with Ubisoft. If Uplay is on your PC, I urge you to uninstall it and any games that use it immediately, until we know more. Update: the flaw lies specifically in a browser plugin Uplay quietly installs, and the general consensus is now that’s all you need to remove to protect yourself. See below for details on how to rid your PC of it.

Essentially, as described here, with the right piece of code any website can call up a Uplay window and from that might be able to slip a program install or launch of their choice onto your PC. Were someone with malevolent intent to inject the code onto a commonly-visited website, they might be able to gain control over any number of PCs – or install keyloggers, viruses and the like, or just plain old wipe your hard drive. The web security expert we chatted to says this could even occur via an email link, making this exploit a phisher’s dream if it’s as a bad as it sounds.

Says the expert we spoke to, “you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. It is a genuine threat. All it would take is an exploited wordpress, say.”

But I come here not to sensationalise, but to warn. With news of this backdoor spreading like wildfire and proof of concept code already out there, there’s a very real chance that someone will try to achieve something unpleasant with it before Ubisoft can shut it down. That’s presuming it is what it appears to be, of course – this may turn out to be an exaggeration, especially as the internet does so love to mock Ubi’s notorious DRM, but so far the evidence very much points to this being as dangerous as it sounds. I’ve contacted Ubisoft for comment and will update as and when we know more. There’s been no response as yet, and other sites are reporting similar silence.

The fault does appear to specifically lie with a browser plugin Uplay installs rather than Uplay itself, so remove that from your Firefox/Chrome/IE/etc extensions as a priority, but I’m erring on the side of extreme caution and advocating the removal of anything associated with Uplay until this apparent threat is dealt with. Here’s how to locate and disable the errant plugin:


    Firefox:
    Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins

    Chrome:
    Visit about:plugins and disable

    Opera:
    Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete

(Via Revisor on our forums).

Contrary to what some parts of the web are currently screaming, this is not a rookit – it’s an exploit in a browser extension. Alas, the vast majority of folk with said browser extension will have been hitherto unaware that Uplay had installed it.

You can find the games which apparently include the exploit listed below. If you have any of them on PC, I would urge you to uninstall them and any Uplay applications as soon possible as a precautionary measure. If you have any of these games on your PC, you can also see the apparent exploit harmlessly in action with the link here.

We’ve tested with a PC that has never had Uplay installed on it. The exploit didn’t work at all. After installing Uplay alone, immediately the test link did indeed work, calling up the Uplay window, and then with that, booting the Windows Calculator. After uninstalling Uplay, the exploit once again didn’t work.

Calculator’s hardly scary of course, but if someone could use the exploit to slip another program onto your PC or run command lines, anything could happen. Frightening – even if there is still something of a question mark over exactly what level of access a nasty soul could go on to achieve. Additionally, this software would appear to allow Ubisoft to monitor PCs running Uplay, but again let’s wait for more details before any hammers of judgement are wielded.

It appears versions of some of these games are Uplay-free and thus in theory safe, but again it may be better to be paranoid than sorry. You can always reinstall later, right? I’d also urge you to check your list of installed programs in Windows, just in case an old install of the Uplay launcher/plugin is hanging around despite your having previously uninstalled any games that used it.

Here’s the list of titles known to be affected:

    Assassin’s Creed II
    Assassin’s Creed: Brotherhood
    Assassin’s Creed: Project Legacy
    Assassin’s Creed Revelations
    Assassin’s Creed III
    Beowulf: The Game
    Brothers in Arms: Furious 4
    Call of Juarez: The Cartel
    Driver: San Francisco
    Heroes of Might and Magic VI
    Just Dance 3
    Prince of Persia: The Forgotten Sands
    Pure Football
    R.U.S.E.
    Shaun White Skateboarding
    Silent Hunter 5: Battle of the Atlantic
    The Settlers 7: Paths to a Kingdom
    Tom Clancy’s H.A.W.X. 2
    Tom Clancy’s Ghost Recon: Future Soldier
    Tom Clancy’s Splinter Cell: Conviction
    Your Shape: Fitness Evolved

I’m not at all certain that list is complete, given other games are known to use Uplay – From Dust, for instance. Check your program installs and browser extensions/plugins for any trace of it regardless – it might be there from an older install even though the game that carried it is no longer on your PC.

Again, more news as we have it.

[Prelude no.5]

Piracy doesn't look that bad now does it. 

[Andy @ Allerton!]

http://www.computerandvideogames.com/360662/uplay-security-flaw-a-huge-risk-says-hack-expert/

Ubisoft must patch its uPlay online service "as a matter of urgency", an online security expert has told CVG.

 Early reports indicate that Ubisoft's online PC network has been hacked into with new exposed data suggesting that the service includes an alleged "rootkit"; a term given for software that gains privileged access onto sensitive computer files.

Ubisoft has declined to comment at this early stage.

Rik Ferguson, the director of security research at Trend Micro, challenged the assumption that the service features a rootkit.

However, he added that the security flaw represents a huge risk and must be resolved immediately.

"This certainly looks like an easily exploitable software flaw, but I'm not sure I would go as far as calling it a rootkit," Ferguson told CVG.

"The reports state the exploitable code is in the form of a browser plugin, the plugin does not attempt to hide its presence on your system and can be relatively simply disabled. It's not a malicious root, just really bad code," he added.

Ferguson's account reflects another IT expert's view, who told CVG that the exploit was likely an unintentional security vulnerability, as opposed to an intentional backdoor left in the system.

uPlay is a mandatory service that registers PC games published by Ubisoft.

Ferguson urged Ubisoft to fix the loophole as soon as possible now that the exploit is public information.

"Pushing out such easily exploitable code, to such an easily targeted platform as a web browser through such a huge gaming population presents a huge risk and will of course be of interest to online criminals.

"Ubisoft should be patching this code as a matter of urgency and in the meantime, gamers should be disabling the plug-in".

 

[iSmiff]

i'm glad i refuse to buy Ubisoft games

[Lusty]

Any details on how this was discovered?  I'm assuming someone is exploiting it in the wild if they've gone to the trouble of telling people rather than just quietly patching it and hoping no one notices...

This keeps on happening, just negligence on their part really.

[wacko]

i'm glad i refuse to buy Ubisoft games

If only everyone else who moans about their DRM would do the same. That'd be the end of it right there.

[Sir Harvest Fields]

Eh? Do what?

Ive no idea what this all means. I know im fucked off with the amount of games needing internet to activate the game etc. What does this mean in real terms?

[wacko]

Ultimately, all the people squealing about onerous and ridiculous DRM (such as requiring an Internet connection for single-player games) still go out and buy the games, tacitly approving the practice.

If they manned up and actually boycotted the games instead of bending over and taking it, this kind of shit would stop tomorrow.

[iSmiff]

From Dust was the last straw for me, a game so utterly broken it was unplayable and they didn't release a single patch for it.