One of the Google engineers, Tavis Ormandy, has stumbled upon what looks like a serious vulnerability in Ubisoft’s DRM system. After Ormandy purchased an Ubisoft game, he discovered that its Uplay browser plugin has security issues, because it allows for remote and “wide” access to the PCs running the DRM.
DRM is known as Digital Rights Management – an important instrument against piracy, which allows developers to track who is allowed to copy, install and use their products. Nevertheless, the DRM system in many cases failed to work properly, leading to unwanted side-effects causing frustration for legal users. In other words, while pirated versions of the software were working just fine, the owners of licensed copies experienced troubles.
Tavis Ormandy pointed out that the Uplay DRM system, designed and used by Ubisoft, may worsen things. The matter is that the engineer bought a video game Assassin’s Creed Revelations while being on vacation. Although he hadn’t played it much, it seemed fun to him. But the issue was the following: Ormandy noticed the installation procedure creating a browser plugin for its Uplay launcher. The latter, very unexpectedly, granted wide access to the websites. The engineer had some doubts that it was by design, and thought that someone may want to look into it. Next day Ormandy submitted it to Ubisoft through the online form.
In short words, the hackers are able to easily benefit from this flaw once they figure it out, using it for malicious software, keyloggers, bots, and so on. Meanwhile, the list of games using this DRM is very long, including the Assassins Creed series, Tom Clancy games, Call of Juarez: The Cartel, Silent Hunter 5: Battle of the Atlantic, and Driver: San Francisco. a
DRM is known as Digital Rights Management – an important instrument against piracy, which allows developers to track who is allowed to copy, install and use their products. Nevertheless, the DRM system in many cases failed to work properly, leading to unwanted side-effects causing frustration for legal users. In other words, while pirated versions of the software were working just fine, the owners of licensed copies experienced troubles.
Tavis Ormandy pointed out that the Uplay DRM system, designed and used by Ubisoft, may worsen things. The matter is that the engineer bought a video game Assassin’s Creed Revelations while being on vacation. Although he hadn’t played it much, it seemed fun to him. But the issue was the following: Ormandy noticed the installation procedure creating a browser plugin for its Uplay launcher. The latter, very unexpectedly, granted wide access to the websites. The engineer had some doubts that it was by design, and thought that someone may want to look into it. Next day Ormandy submitted it to Ubisoft through the online form.
In short words, the hackers are able to easily benefit from this flaw once they figure it out, using it for malicious software, keyloggers, bots, and so on. Meanwhile, the list of games using this DRM is very long, including the Assassins Creed series, Tom Clancy games, Call of Juarez: The Cartel, Silent Hunter 5: Battle of the Atlantic, and Driver: San Francisco. a
No comments:
Post a Comment