Update: Elder Scrolls Online May Have Day One Vulnerability

 Pages 1 2 NEXT
 

Update: Elder Scrolls Online May Have Day One Vulnerability

Elder Scrolls Online screenshot

All games developed by Bethesda since 2001 carry a security exploit that may put Elder Scrolls Online's launch at risk.

Update: Since The Elder Scrolls Online is being developed by ZeniMax Online Studios and uses "its own unique engine", there is little chance this particular vulnerability will exist in the finished game.

There are two generally accepted facts when it comes to Bethesda's RPGs: They feature vast worlds that players can explore for hours, and those worlds will be filled with various bugs. Such quirks are par for the course in single-player games, but they could create all-new problems for the MMO setting of Elder Scrolls Online. A security analyst poking around the developer's back catalog has discovered a vulnerability within Bethesda games stretching back to 2001. While the exploit was relatively harmless for single-player titles, the same code within Elder Scrolls Online could subject players to security and privacy risks when it launches later this year.

This exploit is a format string vulnerability, which allows users to manipulate the game's running stack. By activating specialized functions using the developer's console, players can display information hidden in the program's memory or, with a few keystrokes, crash the game to the desktop. The exploit has been tested using Morrowind, Skyrim, and even Fallout 3, although abuses would be understandably rare in single-player games. Trouble is, if Elder Scrolls Online uses the same code, potentially any user could access the functions of other systems, or perhaps the server itself.

So let's say the exploit is included in Elder Scrolls Online: What's the worst that could happen? The most likely answer is an increased risk of DDoS attacks on servers, which would prevent anyone from being able to play their recently purchased game. One could also activate administrative privileges for their characters, or even more concerning, display the account passwords of other players. That said, now that the exploit is public knowledge, hopefully Bethesda can patch any offending code before its game reaches the public. Not only would that make the launch easier on players and staff alike, but it would prevent an MMO launch disaster comparable to Diablo III in its scope.

Source: Joe's Security Blog, via Warcry

Permalink

Allow me to quote what i said on the Facebook comment section on the article.

"ELDER SCROLLS ONLINE IS NOT BEING DEVELOPED BY BETHESDA! JUST PUBLISHED BY IT! (They do however have most creative control over it)."

This game is not made by Bethesda.

This game is not built in the same engine as any of the previous games.

This is a very silly article.

As other posters above have indicated, this article is absolute bunk.
I really feel that this one should be removed, it's so obvious too anyone with even a passing knowledge of these games that there is no way that this vulnerability will be present because the games are being developed by different companies with different engines, unless this vulnerability is present on the Hero Engine used too develop SWTOR as well? ( It isn't )

Limos:
This game is not made by Bethesda.

This game is not built in the same engine as any of the previous games.

This is a very silly article.

Exactly. The game is being built from the ground up by Zenimax. TES engine would not work well in an MMO set up.

Remove the article, it is nothing but bunk.

I've seen better journalism in a KKK newsletter.

That is some pretty wild speculation, not to mention baseless. Also does this mean the Elders scrolls MMO is coming out soon?

MephistosCousin:

"ELDER SCROLLS ONLINE IS NOT BEING DEVELOPED BY BETHESDA! JUST PUBLISHED BY IT! (They do however have most creative control over it)."

Bethesda published games are also known for being so VERY bug free!

See: New Vegas. Brink.

Frostbite3789:

MephistosCousin:

"ELDER SCROLLS ONLINE IS NOT BEING DEVELOPED BY BETHESDA! JUST PUBLISHED BY IT! (They do however have most creative control over it)."

Bethesda published games are also known for being so VERY bug free!

See: New Vegas. Brink.

That's not the point. The point is that the odds of this specific security vulnerability being in there are slim to none, because there's no reason to believe that this game would have any of the vulnerable code, seeing how it's being made by a different developer and (almost certainly) using a different engine.

Limos:
This game is not made by Bethesda.

This game is not built in the same engine as any of the previous games.

This is a very silly article.

Not silly, plain and utter stupid. Seriously does no-one working at the Escapist have any idea how game development, game engines and publishers work? Urge to wander off to a competent website....... rising.

Captcha: brush your teeth - fine if you say so captcha.... jerk

Okay fine. A Wordpress blogger can crash his Bethesda games with a console command. I believe it. MMOs don't give players access to the console so it's a moot point. Really, no effort was spent investigating the likelihood of this claim before this article was posted.

I hear that the previous few Elder Scrolls games also had a zero day exploit players could ue to alter the game to their benefit, called a console. Since it was in the others, it's likely to be in ESO too, right? Players could thus potentially exploit this "console" to level themselves, add items, and even kill other players or npcs!

^ Logic used by the article. Seriously, I'll add my +1 to the request to have this article removed.

I think I've played around with game stacks trying to get mods or quests to complete, it isn't that big of a deal.

Bethesda games have a history of being moddable and having dev functions like the console available for players to fiddle with.

I with the other posters on this. This article isn't very good.

In other news...


Come on News Room, you're better than this.

+1 to the "Why is this even news?" crowd.

Different developer
Different engine
Different type of game

There is no logical reason to assume this kind of exploit has any possibility of being used.

This comes across as sensationalism purely for the sake of generating views.

Wait, I thought Bethesda was only-

MephistosCousin:
Allow me to quote what i said on the Facebook comment section on the article.

"ELDER SCROLLS ONLINE IS NOT BEING DEVELOPED BY BETHESDA! JUST PUBLISHED BY IT! (They do however have most creative control over it)."

Well, guess I was right. If anything, the problem ToSO will have on launch is not having enough servers to meet demand, like we have been seeing recently with the more infamous Simcity and Diablo 3 debacles.

I logged in just to add to the other crowd that this is a completely baseless and terribly researched article. Really brings down my perceptions of The Escapist, different engine and dev team entirely for ESO. Come on, if I was Bethesda's PR team, I would be pretty upset at you guys.

Yep, different developer and different engine. The article should just be removed or be marked with a huge disclaimer stating its nothing but pure and terrible speculation, before some other "news site" picks this up and starts spreading it around.

Does anyone really think you are going to have access to the developer console for ES:O like you do in the single player games? Really?

Yeah... in future, maybe you should ensure your articles are based on a bit more than the random musings found on some guy's blog.

this is a very nice blogpost by some random guy, but it completely ignores the fact that it was already established that TES online will not run on their endlessly recycled gamebryo engine. (which is fine by me in theory - it evolves pretty awesomely)
so we can kinda blame this one on the actual source.
also: DO NOT JUST PULL A NEWS ARTICLE/SOURCE FROM WARCRY, the escapist sister site, and then list it as a source. that's lazyness≥.
if we start writing articles with those kind of sources, we can someday be like "Source: Warcry via Escapist via Warcry via....".
instead we should post the relevant articles on both sites. THEY'RE MAINTAINED BY THE SAME PEOPLE, GOD DAMN IT. (or at least so the "about us" page states)

/rant

on a more calm note: I am pretty sure that despite my allcaps, this is a relevant problem.

Frostbite3789:

MephistosCousin:

"ELDER SCROLLS ONLINE IS NOT BEING DEVELOPED BY BETHESDA! JUST PUBLISHED BY IT! (They do however have most creative control over it)."

Bethesda published games are also known for being so VERY bug free!

See: New Vegas. Brink.

You had a bug free experience with New Vegas? The very thought of this happening to anyone astounds me.

Also, Fanghawk - concerning doesn't work in your third paragraph, disconcerting fits. well it works, but I don't like it, so it doesn't.
And also I fail at recognizing simple sarcasm. I'm just going away now.

SecondPrize:

You had a bug free experience with New Vegas? The very thought of this happening to anyone astounds me.

You might want to get your sarcasm detector checked.

In other news; if the game was made with butter, it would melt in sunlight!

This article takes the cake for sensationalist title. Was any research done before this was written?

Also:

Trouble is, if Elder Scrolls Online uses the same code,

IF!? You're writing an article based purely on speculation!?

As many people have pointed out, Elder Scrolls Online isn't being developed by Bethesda. That alone should have given enough of a clue that it's not likely to happen.

By activating specialized functions using the developer's console

If the developer console was available to everyone in this game it would be doomed to fail anyway.

Time I started getting geek news elsewhere I think.

Limos:
This game is not made by Bethesda.

This game is not built in the same engine as any of the previous games.

This is a very silly article.

Not really. Bethesda has been working with Gamebryo for over 10 years now, why would they abandon an engine with which they've gotten that far?

It's pretty easy for them now: they don't have to write the engine, just net and sync code. They've also got all the systems for NPCs and AI already coded, why write something new when the old one works just as well?

Even IF the dev team is different from the usual one for TES games, if they can get an engine that's already working well for the kind of thing they're trying to accomplish, they won't say no.

Matthi205:

Limos:
This game is not made by Bethesda.

This game is not built in the same engine as any of the previous games.

This is a very silly article.

Not really. Bethesda has been working with Gamebryo for over 10 years now, why would they abandon an engine with which they've gotten that far?

It's pretty easy for them now: they don't have to write the engine, just net and sync code. They've also got all the systems for NPCs and AI already coded, why write something new when the old one works just as well?

Because they've already abandoned it?

Skyrim was made with the in-house Creation Engine.

Ed130:

Matthi205:

Limos:
This game is not made by Bethesda.

This game is not built in the same engine as any of the previous games.

This is a very silly article.

Not really. Bethesda has been working with Gamebryo for over 10 years now, why would they abandon an engine with which they've gotten that far?

It's pretty easy for them now: they don't have to write the engine, just net and sync code. They've also got all the systems for NPCs and AI already coded, why write something new when the old one works just as well?

Because they've already abandoned it?

Skyrim was made with the in-house Creation Engine.

Which was made based on the source code of Gamebryo. It was also made to be compatible with all the processes the dev team was familiar with from Gambryo.

Matthi205:

Ed130:

Matthi205:

Not really. Bethesda has been working with Gamebryo for over 10 years now, why would they abandon an engine with which they've gotten that far?

It's pretty easy for them now: they don't have to write the engine, just net and sync code. They've also got all the systems for NPCs and AI already coded, why write something new when the old one works just as well?

Because they've already abandoned it?

Skyrim was made with the in-house Creation Engine.

Which was made based on the source code of Gamebryo. It was also made to be compatible with all the processes the dev team was familiar with from Gambryo.

You mean C++? You do realize that its one of the more common computer languages? Hell, I think my sister is learning it for her computer science degree.

yeh it will have day one vulnerability it's called Wild Star. Seriously Wild Star wild star shaping out to be quite interesting game with great design and features, very different from ESO or at least what i saw of it.

Matthi205:

Limos:
This game is not made by Bethesda.

This game is not built in the same engine as any of the previous games.

This is a very silly article.

Not really. Bethesda has been working with Gamebryo for over 10 years now, why would they abandon an engine with which they've gotten that far?

It's pretty easy for them now: they don't have to write the engine, just net and sync code. They've also got all the systems for NPCs and AI already coded, why write something new when the old one works just as well?

Even IF the dev team is different from the usual one for TES games, if they can get an engine that's already working well for the kind of thing they're trying to accomplish, they won't say no.

Regardless of which engine was used to create skyrim, the current iteration of a gamebryo engine is very unsuitable for multiplayer play, for one very important reason. The features of the engine utilized in Skyrim require a lot of processing power to properly calculate. These calculations would require even more calculations if netcode were put into the game, opening up even more bugs and halting gameplay

Indeed, if Skyrim's engine was used for the Elder Scrolls Online, not only would this article be true, but the game would be unplayable once the amount of players logged in goes into the double figures.

But that doesn't matter at this time, since ESO is being developed by Zenimax Online Studios, who are not skyrim's developers. Skyrim's developers are Bethesda Game Studios. It is safe to assume that a different developer would be assigned a more appropriate game engine, if they do not already have an in-house engine for use for online game development.

Here are some wiki links relating to the two developers: http://en.wikipedia.org/wiki/ZeniMax_Online_Studios, http://en.wikipedia.org/wiki/Bethesda_Game_Studios

Ed130:

You mean C++? You do realize that its one of the more common computer languages? Hell, I think my sister is learning it for her computer science degree.

A) C++ is the most common programming language.
B) Do you have ANY idea how many lines of code it takes for a more or less advanced game engine? And for something that occupies the same level of complexity that Bethesda's Gamebryo modification has?

You're trying to mock me with something which you seemingly don't understand.

Thats a pretty far fetched claim. Elder Scrolls Online may not use the same engine but that doesn't matter. A client is never secure. A hacker could go ahead and use the vulnerability, or take the much simpler route of simply modifying the client. The presence of a client vulnerability is completely irelevant.

Illogical and untrue assumption, not even based upon real experience, uttered by an incompetent writer.

Did anyone even think this troufh? Screw this website. I'm out.

Lol....if Bethesda is giving the players access to the developer console in a MMORPG they would be the stupid!
Even if the console is available, access to commands like this would just be denied (see for example the WOW-console)
Plus the fact that this game is developed on a completely different engine!

Seriously...this article is just embarrassing!

 Pages 1 2 NEXT

Reply to Thread

Log in or Register to Comment
Have an account? Login below:
With Facebook:Login With Facebook
or
Username:  
Password:  
  
Not registered? To sign up for an account with The Escapist:
Register With Facebook
Register With Facebook
or
Register for a free account here