More than 40 million people are in danger of being affected by a vulnerability that researchers uncovered in EA's Origin online game platform. Apparently, the vulnerability allows attackers to remotely introduce malicious code on players' computers, according to reports.
The report is in tune with what researchers from Malta-based ReVuln demonstrated at the Black hat security conference in Amsterdam last Friday. The team showed just how easy it is for someone to make use of the uniform resource identifiers on Origin to start games automatically on user's machines.
By exploiting flaws in the Origin application available for both PC and Mac, the technique turns EA's online store, which is needed to play games such as "Battlefield 3" and "Need for Speed" on the PC, into a potential attack platform that can secretly install malware on players' computers.
“Multiplayer online games security are an underestimated field, with an insane amount of players playing online games and companies pushing out new games at an incredible rate,” ReVuln researchers Donato Ferrante and Luigi Auriemma write in a paper related to the demonstration.
“The Origin platform allows malicious users to exploit local vulnerabilities or features, by abusing the Origin URI handling mechanism. In other words, an attacker can craft a malicious internet link to execute malicious code remotely on victim’s system, which has Origin installed,” they further added.
An update from EA to ArsTechnica states: “Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure.”