Vulnerabilities in game clients or game servers are not a new thing, especially with the discovery of the IP spoofing attack based on the GETSTATUS command in Quake 3-based game engines. Now researchers at security consultancy ReVuln have found another two vulnerabilities, one in Call of Duty Modern Warfare 3
and another in the Crytek’s CryEngine 3. The findings were presented at the Power of Community (POC2012) security conference in Seoul last Friday.
The exploit discovered in Modern Warfare 3
as described, sounds similar to an attack causing an attacked server to either attack another server, or be forced to crash due to the attack. "This is something we have seen," Ferrante said. "We have a lot of companies that ask for these kinds of denial-of-service attacks to attack competitors. This is really a big concern for companies."
The second and potentially more dangerous vulnerability relates to Crytek’s CryEngine 3, allowing a remote user shell access to a client running a game based on a CryEngine 3-based game. Demonstration showed an attack on CryEngine 3 within the game Nexuiz
. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.
In the demonstration, the presenter caused an image of cat riding a rocket to be displayed on the victim's computer.
Donato Ferrante, one of the researchers from ReVuln said, "Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server.”
It seems that introduced vulnerabilities such as these demonstrated aren’t too much of a concern for gaming companies as much as it should be, where potentially these avenues to lead to serious invasions of privacy as well as security. Suppose a couple of class-action lawsuits might solve that when this gets out more.
Oh wait, American users signed those rights away when they accepted recent EULAs from most large game publishers with the “don’t sue me” clause. Oh well…
Thanks to Slashdot for the alert and Computerworld for the source