Print 62 comment(s) - last by NellyFromMA.. on Aug 1 at 7:37 AM

Assasin's Creed installs dangerous software -- can we say "class action lawsuit"?

Google, Inc. (GOOG) engineer Tavis Ormandy has created a world of woe for French software giant Ubisoft Entertainment S.A. (EPA:UBI) after he revealed that the company was endangering customers by installing dangerous software that opened a back-door to their machines.

Ubisoft is well known for its best-selling Assassin's Creed, Rayman, and Far Cry franchises, as well as a number of Tom Clancy titles (e.g. the Splinter Cell series).  But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.

The browser plug-in acts as an accidental Trojan, allows arbitrary code execution via the opened "door" inside the affected browser.  Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements.  But according to Mr. Ormandy hackers could also exploit the open door in escalation of privileges attacks on the users' machine.

Hundreds of thousands of PC gamers are believed to be affected.

Uplay Uplay
Ubisoft Uplay browser plugin allowed unauthorized acceess to users' machines.
[Image Source:]

Affected titles include 5 Assassin’s Creed games, 3 Tom Clancy games, as well as popular titles such as Driver: San Francisco, and Settlers 7.  Mr. Ormandy first observed the exploitable plug-in while installing Assassin's Creed: Revelations.

Assassin's Creed
The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]

Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline.  Ubisoft defended this policy.

Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.

The incident is eerily reminiscent to the rootkit discovered on Sony Corp. (TYO:6758) music CDs several years ago.  Sony was subsequently sued and forced into an apology/settlement for recklessly endangering its users.

Note: As the plug-in does not mask its presence, in its current form it is closer to an exploitable plug-in aka. an accidental Trojan than a rootkit by definition, hence the text was changed to correct this.

Sources: SecLists, Geek, Ycombinator News

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: DRM should be illegal
By SPOOFE on 7/30/2012 3:06:43 PM , Rating: 1
The software is in a torrent, and everybody can have at it.

And the average person is now asking, "What's a torrent?"

If you're even discussing this on the Internet, you are NOT the sort of person DRM works on. But you are a MINORITY.

RE: DRM should be illegal
By Motoman on 7/30/2012 3:17:54 PM , Rating: 5
An average person who doesn't know what a torrent is isn't a suspect to get a pirated copy (or make a pirated copy) of anything anyway. Therefore the DRM does nothing but add inconvenience to that legitimate user and raise the cost of the product, both for the consumer and the publisher. Not to mention possibly making that average person's PC unstable and/or open to attack by the DRM.

It's becoming clear that the only minority around here is the percentage of working brain cells in your skull.

RE: DRM should be illegal
By SPOOFE on 7/30/12, Rating: -1
RE: DRM should be illegal
By Motoman on 7/30/2012 5:45:59 PM , Rating: 2
Wow, nice little rant there. I've already demonstrated above that your opinion is wrong. Sticking your head in the sand and pretending that I didn't - and then launching an ad hominem attack - isn't going to change that fact.

RE: DRM should be illegal
By SPOOFE on 7/31/2012 1:58:58 PM , Rating: 2
Oh please, you brainless little puke, an ad hominem attack is merely insults instead of a proper response; not a proper response AND insults together (like chocolate in your peanut butter, together at last!).

You haven't demonstrated anything other than your Brainless Follower mentality. You're just regurgitating the party line that idiotic children like yourself have been WAAAAAAAAAHmbulancing about for a decade. The simple fact that you're capable of ignoring reality simply proves that reality is easy to ignore. Impressed = No.

RE: DRM should be illegal
By Captin Crunch on 7/30/2012 7:24:13 PM , Rating: 2

"Well, there may be a reason why they call them 'Mac' trucks! Windows machines will not be trucks." -- Microsoft CEO Steve Ballmer

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki