Researchers Identify Security Exploit in Origin


Launching Origin on your PC by clicking random links in your browser may not be such a great idea.

EA's online store Origin doesn't exactly resonate with core gamers compared to other digital delivery platforms, such as Steam. Unfortunately for EA, it looks like there is one more reason to be wary of its electronic marketplace: a security research company has identified an exploit in the Origin platform that could potentially allow an attacker to execute malicious code on a player's computer.

Researchers from ReVuln, based in Malta, published the findings in a white paper last month. The exploit focuses on Origin's use of uniform resource identifiers (URIs), which the program uses in order to enforce DRM protection of its games. ReVuln proposed that malicious users could exploit local vulnerabilities or features by abusing the URI mechanism, such as by creating a malicious internet link that could execute code remotely on a system.

The security researchers recently demonstrated the exploit at a Black Hat security conference in Amsterdam on a system with Origin and Crysis 3 installed. By clicking on a modified URI within a web browser, the researchers were able to run a compromised DLL file on the computer as the game was launching. ReVuln also discovered that attackers could attempt to launch a list of games by brute force, allowing the attacker to exploit a system without knowing what games are available in the victim's account.

This isn't the first time that ReVuln has come across this issue, though: the company identified the same vulnerability in Steam's browser protocol and its use of steam://, which closely resembles the issue found in Origin.

To counter the exploit, ReVuln recommends globally blocking the origin:// URI using a tool such as URLProtocolView. Alternatively, whenever your browser prompts you to always associate origin:// links with the program, you can choose to ignore the suggestion, so you have more control over Origin's execution if something unexpected happens.

An EA spokesman responded to Ars Technica regarding the vulnerability, saying, "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."

Source: ReVuln via Ars Technica
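
The following is an added example (not from the article or ReVuln's white paper) of one way a site operator or proxy filter could flag markup that hands off to launcher URI handlers such as origin:// and steam://. The allowlist, the `scheme_of` and `scan` names, and the sample markup are assumptions; the URI bodies are placeholders, not real launcher syntax.

```python
import re
from html.parser import HTMLParser

ALLOWED = {"http", "https", "mailto"}   # assumed allowlist for ordinary pages
WATCHED = {"origin", "steam"}           # launcher schemes named in the article
URL_ATTRS = ("href", "src", "action", "formaction", "data")
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")
C0_AND_SPACE = "".join(chr(c) for c in range(0x21))

def scheme_of(url):
    """Lowercase scheme of url as a browser would parse it, or None if relative."""
    # Browsers drop tab/CR/LF anywhere in a URL and strip leading controls and
    # spaces, so normalise the same way before matching the scheme.
    cleaned = re.sub(r"[\t\r\n]", "", url).lstrip(C0_AND_SPACE).lower()
    m = SCHEME_RE.match(cleaned)
    return m.group(1) if m else None

class HandlerLinkScanner(HTMLParser):
    """Collects (line, tag, attribute, scheme, verdict) for non-allowlisted schemes."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        candidates = [(a, attrs[a]) for a in URL_ATTRS if a in attrs]
        # <meta http-equiv="refresh"> can also navigate, so inspect its url= part.
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"]+)", attrs.get("content", ""), re.I)
            if m:
                candidates.append(("content", m.group(1)))
        line = self.getpos()[0]
        for attr, url in candidates:
            scheme = scheme_of(url)
            if scheme and scheme not in ALLOWED:
                verdict = "block" if scheme in WATCHED else "review"
                self.findings.append((line, tag, attr, scheme, verdict))

def scan(html):
    parser = HandlerLinkScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup for the demonstration.
SAMPLE = """<meta http-equiv="refresh" content="0; url=ori&#10;gin://placeholder">
<p><a href="https://example.com/news">news</a>
<a href="/forum/thread/1">relative link</a>
<a href="origin://placeholder">launch</a>
<a href=" StEaM://placeholder">launch</a>
<a href="customapp://open">other handler</a></p>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Schemes outside the allowlist that are not on the watch list come back as "review" rather than "block", since other registered handlers may be legitimate on a given site.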


"Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure", there really isn't anything more they can do other than hire more people for the team.
However, who hasn't been hacked lately?

EA's failure to learn from Steam's mistake is bad enough. Their response to it is even worse. Hypotheticals? FFS man, you've got a demonstrated remote unauthenticated arbitrary code execution vuln here. This is a vulnerability of the highest order, the sort of thing even Microsoft would get fixed pronto and release an emergency out-of-band update for. Get crackin EA, unless you want to have a worse rep than Microsoft.

I'm glad you mentioned Steam has/had a similar problem (has it been fixed?).

Most people trash Origin too much when it's 98% the same damn thing as Steam.

Mimsofthedawg:
I'm glad you mentioned Steam has/had a similar problem (has it been fixed?).

Most people trash Origin too much when it's 98% the same damn thing as Steam.

It's the same thing as Steam was years ago. That's why people trash it, Steam already solved most of those problems while Origin keeps doing them again :)

Mimsofthedawg:
I'm glad you mentioned Steam has/had a similar problem (has it been fixed?).

Most people trash Origin too much when it's 98% the same damn thing as Steam.

I am also of the opinion that Origin gets bashed a bit too much.

Sure, I don't like it in the same way I don't like Steam; both are DRM.
Just Steam does a better job of hiding it.

To me Origin has funnily enough loaded up faster, faster download speeds and a better offline mode (Sim City irony I know) than what Steam offers.

I use Steam more and I have like 100% more invested in my Steam account.

But I am not objected to using Origin if the game requires it, because if it's an EA game it's their right to make it only on Origin.
You don't see Half-Life not on Steamworks do you?

Incomer:
It's the same thing as Steam was years ago. That's why people trash it, Steam already solved most of those problems while Origin keeps doing them again :)

I don't know how you can say that for this case when the exploit has only just been found. All it really proves is that both Steam and Origin have less than adequate security.

Isn't there a third store out there too? GoG? Wondering now if this exploit is possible there too.

Mr Cwtchy:

Isn't there a third store out there too? GoG? Wondering now if this exploit is possible there too.

There's many stores out there.
GoG is the next major one however.

See the thing is that GoG is all about 'no DRM' so there's no client and no log-in to play games on the computer.
There's a download manager for games, but that's purely optional and lacks much else apart from chat.

So while it IS possible, I think GoG is safe.

Mr Cwtchy:

Incomer:
It's the same thing as Steam was years ago. That's why people trash it, Steam already solved most of those problems while Origin keeps doing them again :)

I don't know how you can say that for this case when the exploit has only just been found. All it really proves is that both Steam and Origin have less than adequate security.

Isn't there a third store out there too? GoG? Wondering now if this exploit is possible there too.

Read the article, the Origin exploit is exactly the same as Steam's.

Wow... I mean I detest EA as much as the next sensible gamer but did this:

happen at all this week? ...No? Okay. :|

Charli:
Wow... I mean I detest EA as much as the next sensible gamer but did this:

happen at all this week? ...No? Okay. :|

Comparing EA to rapists/paedophiles.

Stay classy internet, stay classy.

jackpipsam:

Charli:
Wow... I mean I detest EA as much as the next sensible gamer but did this:

happen at all this week? ...No? Okay. :|

Comparing EA to rapists/paedophiles.

Stay classy internet, stay classy.

Erm, where in the image did it imply rapist and/or paedophile?

There were ambiguous implications and you made a jump in assumptions.

Charli:
Wow... I mean I detest EA as much as the next sensible gamer but did this:

happen at all this week? ...No? Okay. :|

To be fair to The Escapist, EA has been pounded into the ground all over the internet due to Simcity.

evilneko:
EA's failure to learn from Steam's mistake is bad enough. Their response to it is even worse. Hypotheticals? FFS man, you've got a demonstrated remote unauthenticated arbitrary code execution vuln here. This is a vulnerability of the highest order, the sort of thing even Microsoft would get fixed pronto and release an emergency out-of-band update for. Get crackin EA, unless you want to have a worse rep than Microsoft.

I have to agree with you. When Steam had this issue and fixed it many years ago, Origin should have already fixed this exploit since it was already exposed and it is a SECURITY issue.

I am not going to lie, I have been avoiding Origin and lately I was considering biting the bullet and trying it for certain games but now I am not touching it until they fix this major problem.

I also am kinda disgusted that EA's recommendation was first for people to block the url instead of fixing the problem or saying they are patching it asap.

Very positively surprised you mentioned Steam did this as well. Could've left that out and ushered in even more uninformed hatred. This crusade against EA is becoming ridiculous. Hope they fix this issue ASAP. Been happy with Origin so far; very strong and stable downloading being a definitive strength over the competition so far.

Breaking News: Clicking random suspicious links gets your ass hacked!

How does this make Origin any different from any browser ever?

GAunderrated:

I also am kinda disgusted that EA's recommendation was first for people to block the url instead of fixing the problem or saying they are patching it asap.

What are you talking about? It's right there in the statement. Team is constantly investigating as they patch. Will grant you, the use of the word 'hypothetical' is dumb in a demonstrated breach situation, but it doesn't negate the part about constant investigating and patching. The recommendation to block the URL is an obvious panic solution. Patches take time. A program this size needs time, especially to make sure it doesn't create new bugs or breaches.

Reading comprehension, people. Stop looking for things to get mad about when they're not there.

GAunderrated:
I also am kinda disgusted that EA's recommendation was first for people to block the url instead of fixing the problem or saying they are patching it asap.

Sorry guys, the original sentence I wrote was a bit ambiguous. EA didn't make this recommendation; ReVuln recommended this action in their white paper. I've updated the post to reflect this.

The amount of screw-ups EA has done can only be accomplished through talent.
It's otherwise humanly not possible..

The exploit focuses on Origin's use of uniform resource identifiers (URIs), which the program uses in order to enforce DRM protection of its games. ReVuln proposed that malicious users could exploit local vulnerabilities or features by abusing the URI mechanism

So essentially you can get past EA's security by being EA? :P

lol, no wonder the CEO resigned.
Well, as long as they really fix it, then I'm fine. Still like to play BF3 and ME3.

Timothy Chang:

GAunderrated:
I also am kinda disgusted that EA's recommendation was first for people to block the url instead of fixing the problem or saying they are patching it asap.

Sorry guys, the original sentence I wrote was a bit ambiguous. EA didn't make this recommendation; ReVuln recommended this action in their white paper. I've updated the post to reflect this.

Ah thank you for that. Now it seems less insulting. lol

Metalrocks:
lol, no wonder the CEO resigned.
Well, as long as they really fix it, then I'm fine. Still like to play BF3 and ME3.

Not sure if serious, but CEOs don't generally resign over breaches in a gaming platform. :P

Ympulse:

Aeshi:
Breaking News: Clicking random suspicious links gets your ass hacked!

How does this make Origin any different from any browser ever?

Because it's EA, and on the internet that's akin to being a child molester or rapist.

The blind vitriol over nothing always gets me with these EA topics. It's still amusing watching frothing retards scream and stamp their feet, but I always wonder if they truly believe what they say.

I've believed what I've said about EA ever since Command and Conquer 4 happened.

As much as I hate EA.. This isn't really an issue, I mean, first they have to get you on a site related to Origin, so they know you have it, second you have to click the link.. Don't know about most people but I don't use anything web related for Origin other than battlelog.

So, while it's a security loop hole, I feel it could be massively avoided with the use of common sense.

jackpipsam:
But I am not objected to using Origin if the game requires it, because if it's an EA game it's their right to make it only on Origin.
You don't see Half-Life not on Steamworks do you?

Hah, I've actually never thought of it that way, sounds reasonable, so maybe I can use Origin for something more than BF3 after all. However, I won't, because they need to learn that several years old games are NOT worth the kind of money they're asking for it. I'm not paying 60$ for a digital copy of ME3. Maybe when they release a GotY edition I could get a physical copy, we'll see.

Anyway, I like how he says "hypotheticals like these" when it's BEEN DEMONSTRATED, repeatedly. The classy thing to do here would be to just apologize, fix it and move on.

Timothy Chang:
...clicking random links in your browser...

Why would you do this?

Elate:
As much as I hate EA.. This isn't really an issue, I mean, first they have to get you on a site related to Origin, so they know you have it, second you have to click the link.. Don't know about most people but I don't use anything web related for Origin other than battlelog.

So, while it's a security loop hole, I feel it could be massively avoided with the use of common sense.

Wrong. Origin links can be inserted in any website on which an XSS (cross-site scripting) vulnerability is being exploited. Because security knowledge is not the strong point of most web developers, these kinds of attacks are extremely common.

To prevent being targeted by such an attack, I recommend turning off or removing any browser plug-ins you are not using, especially Java. Flash is relatively safe nowadays, though.

Aeshi:
Breaking News: Clicking random suspicious links gets your ass hacked!

How does this make Origin any different from any browser ever?

See @Aardvark_Soup's reply above. Further, this is a vuln that could easily be exploited via an ad--no XSS needed. There's really not much of a mitigating factor for this vulnerability. That's why remote, unauthenticated, arbitrary code execution is the absolute highest order of security vulnerabilities.

Oh, and have you noticed how lately, exploits are targeted not so much at browsers, but at plugins? Yeah. There's a reason Firefox is going to click-to-play for Flash.

Mr Cwtchy:

Incomer:
It's the same thing as Steam was years ago. That's why people trash it, Steam already solved most of those problems while Origin keeps doing them again :)

I don't know how you can say that for this case when the exploit has only just been found. All it really proves is that both Steam and Origin have less than adequate security.

Isn't there a third store out there too? GoG? Wondering now if this exploit is possible there too.

This can't be applied to GoG, as they don't enforce any kind of DRM.

"Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure"

Translation: "We don't give a shit." (pretty much Microsoft's attitude when it comes to every 2nd OS release)

EDIT: On the subject of getting hacked: I haven't been hacked since installing Windows Server 2008R2. And I run neither a firewall nor any kind of Antivirus, just scans with Live DVDs from time to time.

Ympulse:

Aeshi:
Breaking News: Clicking random suspicious links gets your ass hacked!

How does this make Origin any different from any browser ever?

Because it's EA, and on the internet that's akin to being a child molester or rapist.

The blind vitriol over nothing always gets me with these EA topics. It's still amusing watching frothing retards scream and stamp their feet, but I always wonder if they truly believe what they say.

Well, I can certainly see why you'd think it was vitriol over nothing, if you were born yesterday and have never actually heard of EA except in forum posts as opposed to in the context of things they have actually done in the world. Allow me to assure you that hate for EA actually stems from a very large number of real reasons. I won't insult your intelligence by assuming you need help to find them if you're interested in educating yourself on the matter... you can find them pretty much anywhere.

Aeshi:
Breaking News: Clicking random suspicious links gets your ass hacked!

How does this make Origin any different from any browser ever?

Point being that the service is vulnerable to a specific exploit, through scripts. This is an additional vulnerability caused by the service.

And the random links don't have to be all that suspicious. I got my computer infected through scriptjacking while reading a Resident Evil wiki. Just a regular wiki, nothing any more suss than anywhere else. A system restore and much tinkering later, I learned my lesson and used NoScript. (Funny story: I beat the infection through overclocking).

OT: Yeah, it's worrying, and it's an issue which has been seen before, which makes it pretty clear that yet again, Origin is behind the curve. On the other hand, this sort of thing can happen (Though far less easily) in other cases, so this might be a good time for people to learn a little about the potential for scriptjacking, and all manner of nasties.

Too Late....

Some would say, if you were worried about your privacy, you would not have installed Origin in the first place..... Surprising news, EA's distribution / spyware platform allows you to be spied on.

And before you say it, the EULA did not change from them having the right to gather whatever info they want from your machine, when you decide to use it. And this is not the same as Facebook as you decide what you want to share with the world and as a by product Facebook. Origin, unlike Steam where the surveys are optional, gives you no choice in what is uploaded to EA....

This is how EA has gotten around not being able to sell the info they gather to 3rd parties as in the original EULA. Now they just give 3rd parties a conduit to get the info directly.....

evilneko:
EA's failure to learn from Steam's mistake is bad enough. Their response to it is even worse. Hypotheticals? FFS man, you've got a demonstrated remote unauthenticated arbitrary code execution vuln here. This is a vulnerability of the highest order, the sort of thing even Microsoft would get fixed pronto and release an emergency out-of-band update for. Get crackin EA, unless you want to have a worse rep than Microsoft.

Too late.

CrossLOPER:

Timothy Chang:
...clicking random links in your browser...

Why would you do this?

I think he's pointing out that PEOPLE DO. They just do, for whatever reason that's as random as the randomosity it took to do that.

OT: Oh, big surprise. Another shit hits the fan and they answer in corporate double-talk that can be construed as "We will sit with our thumbs up our asses for the time being.". Heh, and some folks wonder why we're angry. That's funny as hell right there.
