Researchers Identify Security Exploit in Origin

Timothy Chang

painkillers and whiskey
Jun 5, 2012
704
0
0
Researchers Identify Security Exploit in Origin



Launching Origin on your PC by clicking random links in your browser may not be such a great idea.

EA's online store Origin doesn't exactly resonate [http://www.escapistmagazine.com/news/view/118516-EA-Defends-Origin-From-Hardcore-Crowd] with core gamers compared to other digital delivery platforms, such as Steam. Unfortunately for EA, it looks like there is one more reason to be wary of its electronic marketplace: a security research company has identified an exploit in the Origin platform that could potentially allow an attacker to execute malicious code on a player's computer.

Researchers from ReVuln, based in Malta, published the findings in a white paper [http://www.revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf] last month. The exploit focuses on Origin's use of uniform resource identifiers (URIs), which the program uses in order to enforce DRM protection of its games. ReVuln proposed that malicious users could exploit local vulnerabilities or features by abusing the URI mechanism, such as by creating a malicious internet link that could execute code remotely on a system.

The security researchers recently demonstrated the exploit at a Black Hat security conference in Amsterdam on a system with Origin and Crysis 3 installed. By clicking on a modified URI within a web browser, the researchers were able to run a compromised DLL file on the computer as the game was launching. ReVuln also discovered that attackers could attempt to launch a list of games by brute force, allowing the attacker to exploit a system without knowing what games are available in the victim's account.

This isn't the first time that ReVuln has come across this issue, though: the company identified the same vulnerability in Steam's browser protocol [http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf] and its use of steam://, which closely resembles the issue found in Origin.

To counter the exploit, ReVuln recommends globally blocking the origin:// URI using a tool such as urlprotocolview [http://www.nirsoft.net/utils/url_protocol_view.html]. Alternatively, whenever your browser prompts you to always associate origin:// links with the program, you can choose to ignore the suggestion, so you have more control over Origin's execution if something unexpected happens.

An EA spokesman responded to Ars Technica in regards to the vulnerability, saying that "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure".


Source: Ars Technica [http://www.revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf]

Permalink
 

Boris Goodenough

New member
Jul 15, 2009
1,428
0
0
"Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure", there really isn't anything more they can do other than hire more people for the team.
However, who hasn't been hacked lately?
 

evilneko

Fall in line!
Jun 16, 2011
2,218
49
53
EA's failure to learn from Steam's mistake is bad enough. Their response to it is even worse. Hypotheticals? FFS man, you've got a demonstrated remote unauthenticated arbitrary code execution vuln here. This is a vulnerability of the highest order, the sort of thing even Microsoft would get fixed pronto and release an emergency out-of-band update for. Get crackin EA, unless you want to have a worse rep than Microsoft.
 

Incomer

New member
Sep 15, 2009
110
0
0
Mimsofthedawg said:
I'm glad you mentioned steam has/had a similar problem (has it been fixed?).

Most people trash Origin too much when it's 98% the same damn thing as Steam.
It's the same thing as Steam was years ago. That's why people trash it, Steam already solved most of those problems while Origin keeps doing them again :)
 

jackpipsam

SEGA fanboy
Jun 2, 2009
830
0
0
Mimsofthedawg said:
I'm glad you mentioned steam has/had a similar problem (has it been fixed?).

Most people trash Origin too much when it's 98% the same damn thing as Steam.
I am also of the opinion that Origin gets bashed a bit too much.

Sure I don't like it in the same I don't like Steam, both are DRM.
Just Steam does a better job of hiding it.

To me Origin has funnily enough loaded up faster, faster download speeds and a better offline mode (Sim City irony I know) that what Steam offers.

I use Steam more and I have like 100% more invested in my Steam account.

But I am not objected to using Origin if the game requires it, because if it's an EA game it's their right to make it only on Origin.
You don't see Half-Life not on Steamworks do you?
 

Mr Cwtchy

New member
Jan 13, 2009
1,045
0
0
Incomer said:
It's the same thing as Steam was years ago. That's why people trash it, Steam already solved most of those problems while Origin keeps doing them again :)
I don't know how you can say that for this case when the exploit has only just been found. All it really proves is that both Steam and Origin have less than adequate security.

Isn't there a third store out there too? GoG? Wondering now if this exploit is possible there too.
 

jackpipsam

SEGA fanboy
Jun 2, 2009
830
0
0
Mr Cwtchy said:
Isn't there a third store out there too? GoG? Wondering now if this exploit is possible there too.
There's many stores out there.
GoG is the next major one however.

See the thing is that GoG is all about 'no DRM' so there's no client and no log-in to play games on the computer.
There's a download manager for games, but that's purely optional and lacks much else apart from chat.

So while it IS possible, I think GoG is safe.
 

Ed130 The Vanguard

(Insert witty quote here)
Sep 10, 2008
3,782
0
0
Mr Cwtchy said:
Incomer said:
It's the same thing as Steam was years ago. That's why people trash it, Steam already solved most of those problems while Origin keeps doing them again :)
I don't know how you can say that for this case when the exploit has only just been found. All it really proves is that both Steam and Origin have less than adequate security.

Isn't there a third store out there too? GoG? Wondering now if this exploit is possible there too.
Read the article, the Origin exploit is exactly the same as Steams.
 

Charli

New member
Nov 23, 2008
3,445
0
0
Wow... I mean I detest EA as much as the next sensible gamer but did this:

happen at all this week? ...No? Okay. :|
 

jackpipsam

SEGA fanboy
Jun 2, 2009
830
0
0
Charli said:
Wow... I mean I detest EA as much as the next sensible gamer but did this:

happen at all this week? ...No? Okay. :|
Comparing EA to rapists/paedophiles.

Stay classy internet, stay classy.
 

Charli

New member
Nov 23, 2008
3,445
0
0
jackpipsam said:
Charli said:
Wow... I mean I detest EA as much as the next sensible gamer but did this:

happen at all this week? ...No? Okay. :|
Comparing EA to rapists/paedophiles.

Stay classy internet, stay classy.
Erm where in image did imply rapist and/or paedophile?

There was ambiguous implications and you made a jump in assumptions.
 

Ed130 The Vanguard

(Insert witty quote here)
Sep 10, 2008
3,782
0
0
Charli said:
Wow... I mean I detest EA as much as the next sensible gamer but did this:

happen at all this week? ...No? Okay. :|
To be fair to The Escapist, EA has been pounded into the ground all over the internet due to Simcity.
 

GAunderrated

New member
Jul 9, 2012
998
0
0
evilneko said:
EA's failure to learn from Steam's mistake is bad enough. Their response to it is even worse. Hypotheticals? FFS man, you've got a demonstrated remote unauthenticated arbitrary code execution vuln here. This is a vulnerability of the highest order, the sort of thing even Microsoft would get fixed pronto and release an emergency out-of-band update for. Get crackin EA, unless you want to have a worse rep than Microsoft.
I have to agree with you. When steam had this issue and fixed it many years ago, Origin should have already fixed this exploit since it was already exposed and it is a SECURITY issue.

I am not going to lie, I have been avoiding Origin and lately I was considering biting the bullet and trying it for certain games but now I am not touching it until they fix this major problem.

I also am kinda disgusted that EA's recommendation was first for people to block the url instead of fixing the problem or saying they are patching it asap.
 

Karathos

New member
May 10, 2009
282
0
0
Very positively surprised you mentioned Steam did this aswell. Could've left that out and ushered in even more uninformed hatred. This crusade against EA is becoming ridiculous. Hope they fix this issue ASAP. Been happy with Origin so far; very strong and stable downloading being a definitive strength over the competition so far.
 

Aeshi

New member
Dec 22, 2009
2,640
0
0
Breaking News: Clicking random suspicious links gets your ass hacked!

How does this make Origin any different from any browser ever?
 

Karathos

New member
May 10, 2009
282
0
0
GAunderrated said:
I also am kinda disgusted that EA's recommendation was first for people to block the url instead of fixing the problem or saying they are patching it asap.
What are you talking about? It's right there in the statement. Team is constantly investigating as they patch. Will grant you, the use of the word 'hypothetical' is dumb in a demonstrated breach situation, but it doesn't negate the part about constant investigating and patching. The recommendation to block the URL is an obvious panic solution. Patches take time. A program this size needs time, especially to make sure it doesn't create new bugs or breaches.

Reading comprehension, people. Stop looking for things to get mad about when they're not there.
 

Timothy Chang

painkillers and whiskey
Jun 5, 2012
704
0
0
GAunderrated said:
I also am kinda disgusted that EA's recommendation was first for people to block the url instead of fixing the problem or saying they are patching it asap.
Sorry guys, the original sentence I wrote was a bit ambiguous. EA didn't make this recommendation; ReVuln recommended this action in their white paper. I've updated the post to reflect this.