
Assassin's Creed installs dangerous software -- can we say "class action lawsuit"?

Google, Inc. (GOOG) engineer Tavis Ormandy has created a world of woe for French software giant Ubisoft Entertainment S.A. (EPA:UBI) after he revealed that the company was endangering customers by installing dangerous software that opened a back-door to their machines.

Ubisoft is well known for its best-selling Assassin's Creed, Rayman, and Far Cry franchises, as well as a number of Tom Clancy titles (e.g. the Splinter Cell series).  But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.

The browser plug-in acts as an accidental Trojan, allowing arbitrary code execution via the opened "door" inside the affected browser.  Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements.  But according to Mr. Ormandy, hackers could also exploit the open door in escalation-of-privileges attacks on users' machines.

Hundreds of thousands of PC gamers are believed to be affected.

Ubisoft Uplay browser plugin allowed unauthorized access to users' machines.
[Image Source: Geek.com]

Affected titles include 5 Assassin’s Creed games, 3 Tom Clancy games, as well as popular titles such as Driver: San Francisco, and Settlers 7.  Mr. Ormandy first observed the exploitable plug-in while installing Assassin's Creed: Revelations.

The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]

Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline.  Ubisoft defended this policy.

Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.

The incident is eerily reminiscent of the rootkit discovered on Sony Corp. (TYO:6758) music CDs several years ago.  Sony was subsequently sued and forced into an apology/settlement for recklessly endangering its users.

Note: As the plug-in does not mask its presence, in its current form it is closer to an exploitable plug-in (a.k.a. an accidental Trojan) than to a rootkit by definition; the text was changed to correct this.

Sources: SecLists, Geek, Ycombinator News



Comments

RE: DRM should be illegal
By nafhan on 7/30/2012 1:37:20 PM , Rating: 3
I hate DRM. However, I don't think "making it illegal" would work (even coming up with a good legal definition is problematic). I think this is a great case for when a class action lawsuit should occur. A class action suit hurts Ubi where it counts (the wallet), it would discourage others from engaging in similar behavior, AND it can happen within the existing legal framework - we don't need to wait for new laws in order to punish them.

Also, regarding DRM in general, Steam is an example of DRM done, I won't call it "right", but rather done good enough that I don't hate using it. They provide helpful services as part of the package, and generally improve the PC gaming experience for the users rather than just the publishers.

Onlive is another example of DRM done well (even if you feel like the actual gameplay is lacking). In fact, streaming and keeping 100% of the data server side is probably the future of DRM in general for all kinds of media.

The common thread between "reasonable" DRM like Steam, Onlive, and others (i.e. Netflix) is that the security methods are integrated into mechanisms that also provide an improved user experience.


RE: DRM should be illegal
By Motoman on 7/30/2012 1:53:20 PM , Rating: 2
Firstly, it's not the DRM itself from Steam or whatever that's causing you as a consumer to like the service. It's the service itself...take out whatever DRM portions are in there and leave the good stuff, and if nothing else Steam saves money/improves their margins. Whether or not they passed that savings on to you is another issue...

...also I'll just point out that if "100% server-side" is the future for all media, that'd cut your potential market by about 20%. 1 in 5 Americans live in rural areas that have no broadband access...and probably never will.


RE: DRM should be illegal
By augiem on 7/30/2012 2:08:04 PM , Rating: 2
The current broadband coverage map makes cloud-based services less than optimal, but even so, it's clearly on its way here as evidenced by the development of more and more cloud offerings year by year like all of Google's stuff, MS Office, OnPlay, etc. Yes, it's still early on, but it will happen, I hate to say.

Funny how we have come full circle. It feels like we're back in the 70's/80's days of dumb terminals with amber screens.


RE: DRM should be illegal
By nafhan on 7/30/2012 2:51:00 PM , Rating: 2
Agree in regards to Steam. Steam is good enough that it makes the DRM palatable (it helps that they do a good job of making it transparent to the user, too). It's certainly not good BECAUSE of the DRM. I wasn't meaning that. :)
quote:
if "100% server-side" is the future for all media, that'd cut your potential market by about 20%
???
--I said "the future of media", not the "right now of media".
--It seems unlikely that 20% of Americans will NEVER have broadband. Some smaller percentage, probably.
--The US isn't the whole world.
--Current BB penetration is probably pretty close to the maximum penetration rate for cable TV, and that wasn't a showstopper for cable.
--There's a huge difference between "potential market" and "people they actually care about selling service to". For all I know media companies may consider a large part of that 20% to be irrelevant for various reasons.


RE: DRM should be illegal
By augiem on 7/30/2012 2:03:38 PM , Rating: 2
quote:
In fact, streaming and keeping 100% of the data server side is probably the future of DRM in general for all kinds of media.


Yep, server-side software is definitely the long-term future. It guarantees 100% control by the company and near 0% piracy (near because someone could conceivably get ahold of the server software and run their own pirate server, but...). Not a good thing for the consumer, but for the companies it's a win. I personally hate all the cloud crap, but there's really no escaping it.


RE: DRM should be illegal
By nafhan on 7/30/2012 3:17:55 PM , Rating: 2
quote:
Not a good thing for the consumer
Overall, completely agree. It's not a trend I personally like. However, for the non-technical consumer, there are a LOT of advantages to this approach - most of which boil down to "it's easy".


Copyright 2014 DailyTech LLC.