Vulnerabilities found in MW3 and CryEngine 3

by Reinhard Rheeder-Kleist (Choc_Salties)  Posted Monday, November 12, 2012 4:04:50 PM

           
 
 
Vulnerabilities in game clients or game servers are not a new thing, especially with the discovery of the IP spoofing attack based on the GETSTATUS command in Quake 3-based game engines. Now researchers at security consultancy ReVuln have found another two vulnerabilities, one in Call of Duty Modern Warfare 3 and another in Crytek’s CryEngine 3. The findings were presented at the Power of Community (POC2012) security conference in Seoul last Friday.

The exploit discovered in Modern Warfare 3, as described, sounds similar to an attack that causes the targeted server either to attack another server or to crash. "This is something we have seen," Ferrante said. "We have a lot of companies that ask for these kinds of denial-of-service attacks to attack competitors. This is really a big concern for companies."

The second and potentially more dangerous vulnerability relates to Crytek’s CryEngine 3, allowing a remote user shell access to a client running a CryEngine 3-based game. The demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled the presenter to create a remote shell on a game player's computer.


In the demonstration, the presenter caused an image of a cat riding a rocket to be displayed on the victim's computer.

Donato Ferrante, one of the researchers from ReVuln, said, "Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server."

It seems that vulnerabilities such as those demonstrated aren’t as much of a concern for gaming companies as they should be, given that these avenues could potentially lead to serious invasions of privacy as well as security. Suppose a couple of class-action lawsuits might solve that when this gets out more.

Oh wait, American users signed those rights away when they accepted recent EULAs from most large game publishers with the “don’t sue me” clause. Oh well…

Thanks to Slashdot for the alert and Computerworld for the source

