backtop


Print 62 comment(s) - last by NellyFromMA.. on Aug 1 at 7:37 AM

Assasin's Creed installs dangerous software -- can we say "class action lawsuit"?

Google, Inc. (GOOG) engineer Tavis Ormandy has created a world of woe for French software giant Ubisoft Entertainment S.A. (EPA:UBI) after he revealed that the company was endangering customers by installing dangerous software that opened a back-door to their machines.

Ubisoft is well known for its best-selling Assassin's Creed, Rayman, and Far Cry franchises, as well as a number of Tom Clancy titles (e.g. the Splinter Cell series).  But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.

The browser plug-in acts as an accidental Trojan, allows arbitrary code execution via the opened "door" inside the affected browser.  Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements.  But according to Mr. Ormandy hackers could also exploit the open door in escalation of privileges attacks on the users' machine.

Hundreds of thousands of PC gamers are believed to be affected.

Uplay Uplay
Ubisoft Uplay browser plugin allowed unauthorized acceess to users' machines.
[Image Source: Geek.com]

Affected titles include 5 Assassin’s Creed games, 3 Tom Clancy games, as well as popular titles such as Driver: San Francisco, and Settlers 7.  Mr. Ormandy first observed the exploitable plug-in while installing Assassin's Creed: Revelations.

Assassin's Creed
The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]

Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline.  Ubisoft defended this policy.

Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.

The incident is eerily reminiscent to the rootkit discovered on Sony Corp. (TYO:6758) music CDs several years ago.  Sony was subsequently sued and forced into an apology/settlement for recklessly endangering its users.

Note: As the plug-in does not mask its presence, in its current form it is closer to an exploitable plug-in aka. an accidental Trojan than a rootkit by definition, hence the text was changed to correct this.

Sources: SecLists, Geek, Ycombinator News



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: DRM should be illegal
By sprockkets on 7/30/2012 1:15:41 PM , Rating: 3
Well, to me, not all "DRM" is bad. The original Star Craft had a keycode, but didn't phone home, didn't require an internet connection, and sold like crazy.

Steam has some form of DRM (right?), but it works so nicely who notices?

DRM on apple's platform works well too.


RE: DRM should be illegal
By Motoman on 7/30/2012 1:23:00 PM , Rating: 3
...the point being that, at a bare minimum, the DRM does nothing to prevent piracy and increases the cost of production, and therefore the cost to the consumer.

Why have all parties involved pay more for something that is 100% ineffectual in the best possible case?


RE: DRM should be illegal
By ritualm on 7/30/12, Rating: 0
RE: DRM should be illegal
By Motoman on 7/30/2012 1:59:28 PM , Rating: 2
You're missing the point - this isn't like stealing a laptop that's been locked, thereby dissuading the "casual" thief.

There only has to be 1 person in the world who can defeat a given DRM thing and then post a torrent of the software. Then *boom* - everyone in the world who wants the product in a pirated format can have it. There's no valid analogy to locking a physical thing...because the person downloading the pirated copy doesn't have to do *anything* in order to get their pirated copy. Other than click a link, that is.You're missing the point - this isn't like stealing a laptop that's been locked, thereby dissuading the


RE: DRM should be illegal
By ritualm on 7/30/2012 2:17:54 PM , Rating: 3
DRM hugely inconveniences legal uses while doing nothing to hinder illegal activity.

Laptop locks are cumbersome to use, yet they do jack in protecting laptops from being stolen.

Granted, they're not the same things, but the premise is similar - in an attempt to thwart the one percent, they demonize the other 99%.


RE: DRM should be illegal
By Helbore on 7/30/2012 2:57:52 PM , Rating: 4
Laptop locks don't demonize the 99%, though. They are not forced on people and those who choose to use them don't negatively affect those who don't want them.


RE: DRM should be illegal
By fic2 on 7/30/2012 4:53:37 PM , Rating: 5
Better analogy would be to have to prove you are owner of the laptop every time you wanted to use it. And prove it to the OEM.


RE: DRM should be illegal
By sprockkets on 7/30/2012 1:56:01 PM , Rating: 1
You can't make piracy impossible, but you can make it difficult. If it is difficult for the typical person and the DRM system in place makes it easy and fair, the idea is piracy is reduced by a fair amount.


RE: DRM should be illegal
By Motoman on 7/30/2012 2:01:24 PM , Rating: 5
No, it isn't.

As I just noted above, there only needs to be 1 person in the world who can defeat the DRM - and then *poof* it's all over. The software is in a torrent, and everybody can have at it.

Making it difficult for 99% of the population to break the DRM is irrelevant - they're not the ones that are going to even try. And it doesn't reduce piracy AT ALL. So long as one person breaks the DRM and posts the torrent, the DRM is worthless.

...and as noted, there has never, ever, been a case where any DRM has ever managed to prevent piracy. And there never will be.


RE: DRM should be illegal
By sprockkets on 7/30/2012 3:01:41 PM , Rating: 3
You can get a torrent, but that doesn't guarantee online play, nor getting future updates.

And if it is reasonably priced like on steam, convenience trumps piracy.

quote:
As I just noted above, there only needs to be 1 person in the world who can defeat the DRM - and then *poof* it's all over. The software is in a torrent, and everybody can have at it.


Not really. Windows 7 was cracked, then MS patched the holes. Then another crack worked, and then was patched. While you can use Win7 without updates, MS has made it inconvenient enough to not make it worthwhile (like not being able to use their a/v).

Also, people jailbreak iphones as well, but it is going to be much harder to exploit with memory address randomization and other techniques to foil hacking. The goal again, is to make it worth while to pay for apps instead of pirating.

You can't tell me apple's encrypting apps and secure app store hasn't affected piracy. Even google is going to encrypt paid apps for 4.1 with the intent of telling developers that they want them to make money selling their apps.


RE: DRM should be illegal
By Motoman on 7/30/2012 3:21:54 PM , Rating: 2
You can have an endless cycle of patching and hacking. It will never end.

The fact of the matter is that AT BEST DRM needlessly costs the publisher and consumer more money for no effect at preventing someone, somewhere in the world, from creating a pirated copy and posting it on the internet. At worst, it punishes legitimate consumers with onerous restrictions on what they can do with their product and can make their computers unstable and/or open to attack. That's the best it gets. So why have it?

If you're intent on getting whatever app you want in a pirated format, you'll find it somewhere. The people who buy things from the Apple App Store et al aren't the people who are going to be going looking for pirated stuff anyway - hence, the any and all DRM applied to them is irrelevant.


RE: DRM should be illegal
By SPOOFE on 7/30/12, Rating: 0
RE: DRM should be illegal
By Motoman on 7/30/2012 3:15:28 PM , Rating: 2
...you're not even connected to the topic at hand, as far as I can tell...


RE: DRM should be illegal
By SPOOFE on 7/30/12, Rating: 0
RE: DRM should be illegal
By Motoman on 7/30/2012 5:44:41 PM , Rating: 4
Oh, I'm aware that I'm part of a tiny percentage. I'm capable of rational thought, for example, and would test at acceptable levels for usage of the English language - that puts me in some kind of 1% I'm sure.

But more to the point, you're wildly mistaken. Your "salient" point isn't. The "average person" who wouldn't know what a torrent is isn't the person who's either going to work on defeating the DRM, nor are they the person who's going to go looking for a torrent to download and install. Hence, there is no benefit to the publisher of inflicting DRM on them. All the DRM does for that average person is raise the cost of the product (for them and the publisher) and potentially destabilize their PC if the DRM is coded poorly...not to mention inflicting whatever DRM restrictions on said user that the publisher wants to do, like not allowing you to reinstall your game when you later buy a new PC.

For the 1% that *is* capable/inclined to either defeat DRM and/or go and find the torrents, the DRM doesn't prevent them from doing what they want to do...so, again, why even bother with the DRM at all?

No upside. For anyone. All downside. For everyone.


RE: DRM should be illegal
By SPOOFE on 7/31/2012 1:55:40 PM , Rating: 1
quote:
The "average person" who wouldn't know what a torrent is isn't the person who's either going to work on defeating the DRM,

Yes, exactly, that's my point. It's funny that you say my point isn't salient, but then go and re-assert it for me.

Back in the day of early PC gaming - which you clearly don't remember, Mr. 13 Years Old - many games were "pirated" by people who simply didn't realize they were "pirating" them. DRM stops these people, as you admit.

quote:
Hence, there is no benefit to the publisher of inflicting DRM on them.

Except they can't casually spread their games around. Not everyone who pirates a game does so with the intention of actually pirating it... but then, if you were as "capable of rational thought" as you apparently think you are, you'd be able to put 2 and 2 together.

[quote]so, again, why even bother with the DRM at all?[/quote]
To annoy you. That's it. You've stumbled on the Mysterious Secret Answer: The entire gaming industry is specifically geared against YOU, personally. Everyone hates you, so DRM. Obviously. Stupid.


RE: DRM should be illegal
By SPOOFE on 7/30/2012 3:06:43 PM , Rating: 1
quote:
The software is in a torrent, and everybody can have at it.

And the average person is now asking, "What's a torrent?"

If you're even discussing this on the Internet, you are NOT the sort of person DRM works on. But you are a MINORITY.


RE: DRM should be illegal
By Motoman on 7/30/2012 3:17:54 PM , Rating: 5
An average person who doesn't know what a torrent is isn't a suspect to get a pirated copy (or make a pirated copy) of anything anyway. Therefore the DRM does nothing but add inconvenience to that legitimate user and raise the cost of the product, both for the consumer and the publisher. Not to mention possibly making that average person's PC unstable and/or open to attack by the DRM.

It's becoming clear that the only minority around here is the percentage of working brain cells in your skull.


RE: DRM should be illegal
By SPOOFE on 7/30/12, Rating: -1
RE: DRM should be illegal
By Motoman on 7/30/2012 5:45:59 PM , Rating: 2
Wow, nice little rant there. I've already demonstrated above that your opinion is wrong. Sticking your head in the sand and pretending that I didn't - and then launching an ad hominem attack - isn't going to change that fact.


RE: DRM should be illegal
By SPOOFE on 7/31/2012 1:58:58 PM , Rating: 2
Oh please, you brainless little puke, an ad hominem attack is merely insults instead of a proper response; not a proper response AND insults together (like chocolate in your peanut butter, together at last!).

You haven't demonstrated anything other than your Brainless Follower mentality. You're just regurgitating the party line that idiotic children like yourself have been WAAAAAAAAAHmbulancing about for a decade. The simple fact that you're capable of ignoring reality simply proves that reality is easy to ignore. Impressed = No.


RE: DRM should be illegal
By Captin Crunch on 7/30/2012 7:24:13 PM , Rating: 2
Schooled


“So far we have not seen a single Android device that does not infringe on our patents." -- Microsoft General Counsel Brad Smith














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki