Follow Us
    
 

Vulnerabilies found in MW3 and CryEngine 3

by Reinhard Rheeder-Kleist (Choc_Salties)  Posted Monday, November 12, 2012 4:04:50 PM

  
Hit
 
0
 
 
Vulnerabilities in game clients or game servers are not a new thing, especially with the discovery of the IP spoofing attack based on the GETSTATUS command in Quake 3-based game engines. Now researchers at security consultancy ReVuln have found another two vulnerabilities, one in Call of Duty Modern Warfare 3 and another in the Crytek’s CryEngine 3. The findings were presented at the Power of Community (POC2012) security conference in Seoul last Friday.

The exploit discovered in Modern Warfare 3 as described, sounds similar to an attack causing an attacked server to either attack another server, or be forced to crash due to the attack. "This is something we have seen," Ferrante said. "We have a lot of companies that ask for these kinds of denial-of-service attacks to attack competitors. This is really a big concern for companies."

The second and potentially more dangerous vulnerability relates to Crytek’s CryEngine 3, allowing a remote user shell access to a client running a game based on a CryEngine 3-based game. Demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

CryEngine_3_by_NaSoooRe.jpg

In the demonstration, the presenter caused an image of cat riding a rocket to be displayed on the victim's computer.

Donato Ferrante, one of the researchers from ReVuln said, "Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server.”

It seems that introduced vulnerabilities such as these demonstrated aren’t too much of a concern for gaming companies as much as it should be, where potentially these avenues to lead to serious invasions of privacy as well as security. Suppose a couple of class-action lawsuits might solve that when this gets out more.

Oh wait, American users signed those rights away when they accepted recent EULAs from most large game publishers with the “don’t sue me” clause. Oh well…

Thanks to Slashdot for the alert and Computerworld for the source


Gallery

cryengine3-logo.jpg  CryEngine_3_by_NaSoooRe.jpg 

Share This Article


 
comments powered by Disqus
Survey
 
Vote for your favourite April Game Release
View all releases













Submit Survey  View Results

1. Grand Theft Auto 5 (GTA V)
Platform: PS3
Now R699.00

2. Grand Theft Auto 5 (GTA V)
Platform: Xbox 360
Now R699.00

3. The Last of Us
Platform: PS3
Now R406.03

4. Diablo 3: Reaper of Souls (Expansion Pack)
Platform: PC
Now R379.00

5. Call Of Duty: Ghosts
Platform: PS3
Now R629.00

Kalahari.com
 

1. Enemy Front
Brand: City Interactive/CI Games
Now R559.00

2. Farming Simulator 14
Brand: Focus Home
Now R419.00

3. Tropico 5
Brand: Kalypso
Now R379.00

4. LEGO Hobbit
Platform: Nintendo Wii U
Now R539.00

5. The Amazing Spider-Man 2
Platform: Nintendo 3DS
Now R379.00

Kalahari.com