Ubisoft Caught Installing Exploitable DRM Plug-in on Users' Machines
July 30, 2012 11:44 AM
comment(s) - last by
Assasin's Creed installs dangerous software -- can we say "class action lawsuit"?
Google, Inc. (
) engineer Tavis Ormandy has created a world of woe for French
software giant Ubisoft
Entertainment S.A. (
) after he
that the company was endangering customers by installing dangerous software that opened a back-door to their machines.
Ubisoft is well known for its
franchises, as well as a number of Tom Clancy titles (e.g. the
series). But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.
The browser plug-in acts as an accidental Trojan, allows arbitrary code execution via the opened "door" inside the affected browser. Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements. But according to Mr. Ormandy hackers could also exploit the open door in escalation of privileges attacks on the users' machine.
Hundreds of thousands of PC gamers are believed to be affected.
Ubisoft Uplay browser plugin allowed unauthorized acceess to users' machines.
[Image Source: Geek.com]
Affected titles include 5
games, as well as popular titles such as
Driver: San Francisco
. Mr. Ormandy first observed the exploitable plug-in while installing
Assassin's Creed: Revelations
The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]
Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline. Ubisoft defended this policy.
Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.
The incident is eerily reminiscent to the rootkit discovered on Sony Corp. (
) music CDs several years ago. Sony was
subsequently sued and forced into an apology/settlement
for recklessly endangering its users.
As the plug-in does not mask its presence, in its current form it is closer to an exploitable plug-in aka. an accidental Trojan than a rootkit by definition, hence the text was changed to correct this.
This article is over a month old, voting and posting comments is disabled
RE: DRM should be illegal
7/30/2012 3:21:54 PM
You can have an endless cycle of patching and hacking. It will never end.
The fact of the matter is that AT BEST DRM needlessly costs the publisher and consumer more money for no effect at preventing someone, somewhere in the world, from creating a pirated copy and posting it on the internet. At worst, it punishes legitimate consumers with onerous restrictions on what they can do with their product and can make their computers unstable and/or open to attack. That's the best it gets. So why have it?
If you're intent on getting whatever app you want in a pirated format, you'll find it somewhere. The people who buy things from the Apple App Store et al aren't the people who are going to be going looking for pirated stuff anyway - hence, the any and all DRM applied to them is irrelevant.
"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki
"Call of Juarez: The Cartel" Angers Critics, May be Banned in Mexico
February 22, 2011, 10:01 AM
Assassin's Creed II Stabs Its Way to Success With 1.6 Million Units Sold
November 26, 2009, 9:00 AM
The EFF Wants You to Know About Sony BMG Settlement
March 13, 2006, 2:17 AM
AMD CEO: Windows 10 Will Launch at "The End of July"
April 20, 2015, 7:24 PM
Testers Trolled by Promise of Uninstallable Windows 10 Preview Build 10061
April 16, 2015, 2:52 PM
Rumors Heat up About 2016 Windows 10.1 (Windows "Redstone") Release
April 8, 2015, 9:26 PM
Report: Windows 10 Successor is Codenamed "Redstone" After Minecraft Item
April 7, 2015, 2:03 PM
Windows 10 Build 10049 Installation May Take Hours, Will Fail if You Have < 8 GB
March 31, 2015, 2:59 PM
Windows 10 Build 10049 Airs, Complete With Project Spartan Browser
March 30, 2015, 7:12 PM
Most Popular Articles
Windows 10 Build 10061: A Quick Review
April 27, 2015, 10:57 AM
Ding Dong the Deal is Dead: What's Next After Failed Comcast/TWC Merger
April 28, 2015, 2:06 PM
Report: Apple Pulls the Plug on Apple Watch Store Launch
April 16, 2015, 3:18 PM
Quick Note: Lady Macbath -- One Japanese Woman's Apple Themed Revenge
April 23, 2015, 11:47 AM
After Record-Setting Week, Samsung Predicts 70 Million GS6/GS6 Edge Sales
April 17, 2015, 8:39 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information