Print 62 comment(s) - last by NellyFromMA.. on Aug 1 at 7:37 AM

Assasin's Creed installs dangerous software -- can we say "class action lawsuit"?

Google, Inc. (GOOG) engineer Tavis Ormandy has created a world of woe for French software giant Ubisoft Entertainment S.A. (EPA:UBI) after he revealed that the company was endangering customers by installing dangerous software that opened a back-door to their machines.

Ubisoft is well known for its best-selling Assassin's Creed, Rayman, and Far Cry franchises, as well as a number of Tom Clancy titles (e.g. the Splinter Cell series).  But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.

The browser plug-in acts as an accidental Trojan, allows arbitrary code execution via the opened "door" inside the affected browser.  Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements.  But according to Mr. Ormandy hackers could also exploit the open door in escalation of privileges attacks on the users' machine.

Hundreds of thousands of PC gamers are believed to be affected.

Uplay Uplay
Ubisoft Uplay browser plugin allowed unauthorized acceess to users' machines.
[Image Source:]

Affected titles include 5 Assassin’s Creed games, 3 Tom Clancy games, as well as popular titles such as Driver: San Francisco, and Settlers 7.  Mr. Ormandy first observed the exploitable plug-in while installing Assassin's Creed: Revelations.

Assassin's Creed
The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]

Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline.  Ubisoft defended this policy.

Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.

The incident is eerily reminiscent to the rootkit discovered on Sony Corp. (TYO:6758) music CDs several years ago.  Sony was subsequently sued and forced into an apology/settlement for recklessly endangering its users.

Note: As the plug-in does not mask its presence, in its current form it is closer to an exploitable plug-in aka. an accidental Trojan than a rootkit by definition, hence the text was changed to correct this.

Sources: SecLists, Geek, Ycombinator News

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: DRM should be illegal
By Motoman on 7/30/2012 5:44:41 PM , Rating: 4
Oh, I'm aware that I'm part of a tiny percentage. I'm capable of rational thought, for example, and would test at acceptable levels for usage of the English language - that puts me in some kind of 1% I'm sure.

But more to the point, you're wildly mistaken. Your "salient" point isn't. The "average person" who wouldn't know what a torrent is isn't the person who's either going to work on defeating the DRM, nor are they the person who's going to go looking for a torrent to download and install. Hence, there is no benefit to the publisher of inflicting DRM on them. All the DRM does for that average person is raise the cost of the product (for them and the publisher) and potentially destabilize their PC if the DRM is coded poorly...not to mention inflicting whatever DRM restrictions on said user that the publisher wants to do, like not allowing you to reinstall your game when you later buy a new PC.

For the 1% that *is* capable/inclined to either defeat DRM and/or go and find the torrents, the DRM doesn't prevent them from doing what they want to, again, why even bother with the DRM at all?

No upside. For anyone. All downside. For everyone.

RE: DRM should be illegal
By SPOOFE on 7/31/2012 1:55:40 PM , Rating: 1
The "average person" who wouldn't know what a torrent is isn't the person who's either going to work on defeating the DRM,

Yes, exactly, that's my point. It's funny that you say my point isn't salient, but then go and re-assert it for me.

Back in the day of early PC gaming - which you clearly don't remember, Mr. 13 Years Old - many games were "pirated" by people who simply didn't realize they were "pirating" them. DRM stops these people, as you admit.

Hence, there is no benefit to the publisher of inflicting DRM on them.

Except they can't casually spread their games around. Not everyone who pirates a game does so with the intention of actually pirating it... but then, if you were as "capable of rational thought" as you apparently think you are, you'd be able to put 2 and 2 together.

[quote]so, again, why even bother with the DRM at all?[/quote]
To annoy you. That's it. You've stumbled on the Mysterious Secret Answer: The entire gaming industry is specifically geared against YOU, personally. Everyone hates you, so DRM. Obviously. Stupid.

"We shipped it on Saturday. Then on Sunday, we rested." -- Steve Jobs on the iPad launch

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki