Print 62 comment(s) - last by NellyFromMA.. on Aug 1 at 7:37 AM

Assasin's Creed installs dangerous software -- can we say "class action lawsuit"?

Google, Inc. (GOOG) engineer Tavis Ormandy has created a world of woe for French software giant Ubisoft Entertainment S.A. (EPA:UBI) after he revealed that the company was endangering customers by installing dangerous software that opened a back-door to their machines.

Ubisoft is well known for its best-selling Assassin's Creed, Rayman, and Far Cry franchises, as well as a number of Tom Clancy titles (e.g. the Splinter Cell series).  But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.

The browser plug-in acts as an accidental Trojan, allows arbitrary code execution via the opened "door" inside the affected browser.  Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements.  But according to Mr. Ormandy hackers could also exploit the open door in escalation of privileges attacks on the users' machine.

Hundreds of thousands of PC gamers are believed to be affected.

Uplay Uplay
Ubisoft Uplay browser plugin allowed unauthorized acceess to users' machines.
[Image Source:]

Affected titles include 5 Assassin’s Creed games, 3 Tom Clancy games, as well as popular titles such as Driver: San Francisco, and Settlers 7.  Mr. Ormandy first observed the exploitable plug-in while installing Assassin's Creed: Revelations.

Assassin's Creed
The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]

Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline.  Ubisoft defended this policy.

Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.

The incident is eerily reminiscent to the rootkit discovered on Sony Corp. (TYO:6758) music CDs several years ago.  Sony was subsequently sued and forced into an apology/settlement for recklessly endangering its users.

Note: As the plug-in does not mask its presence, in its current form it is closer to an exploitable plug-in aka. an accidental Trojan than a rootkit by definition, hence the text was changed to correct this.

Sources: SecLists, Geek, Ycombinator News

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: DRM should be illegal
By ritualm on 7/30/2012 1:56:03 PM , Rating: 0
Motoman, you realized this is exactly the reason why the Kensington lock port exists in the first place? Those fancy laptop locks never stop anyone from stealing whatever they're locked to, it just makes them get worked over, in the hopes that you never encounter the one percent...

RE: DRM should be illegal
By Motoman on 7/30/2012 1:59:28 PM , Rating: 2
You're missing the point - this isn't like stealing a laptop that's been locked, thereby dissuading the "casual" thief.

There only has to be 1 person in the world who can defeat a given DRM thing and then post a torrent of the software. Then *boom* - everyone in the world who wants the product in a pirated format can have it. There's no valid analogy to locking a physical thing...because the person downloading the pirated copy doesn't have to do *anything* in order to get their pirated copy. Other than click a link, that is.You're missing the point - this isn't like stealing a laptop that's been locked, thereby dissuading the

RE: DRM should be illegal
By ritualm on 7/30/2012 2:17:54 PM , Rating: 3
DRM hugely inconveniences legal uses while doing nothing to hinder illegal activity.

Laptop locks are cumbersome to use, yet they do jack in protecting laptops from being stolen.

Granted, they're not the same things, but the premise is similar - in an attempt to thwart the one percent, they demonize the other 99%.

RE: DRM should be illegal
By Helbore on 7/30/2012 2:57:52 PM , Rating: 4
Laptop locks don't demonize the 99%, though. They are not forced on people and those who choose to use them don't negatively affect those who don't want them.

RE: DRM should be illegal
By fic2 on 7/30/2012 4:53:37 PM , Rating: 5
Better analogy would be to have to prove you are owner of the laptop every time you wanted to use it. And prove it to the OEM.

"We’re Apple. We don’t wear suits. We don’t even own suits." -- Apple CEO Steve Jobs

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Laptop or Tablet - Which Do You Prefer?
September 20, 2016, 6:32 AM
Update: Samsung Exchange Program Now in Progress
September 20, 2016, 5:30 AM
Smartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki