Ubisoft Caught Installing Exploitable DRM Plug-in on Users' Machines
July 30, 2012 11:44 AM
comment(s) - last by
Assasin's Creed installs dangerous software -- can we say "class action lawsuit"?
Google, Inc. (
) engineer Tavis Ormandy has created a world of woe for French
software giant Ubisoft
Entertainment S.A. (
) after he
that the company was endangering customers by installing dangerous software that opened a back-door to their machines.
Ubisoft is well known for its
franchises, as well as a number of Tom Clancy titles (e.g. the
series). But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.
The browser plug-in acts as an accidental Trojan, allows arbitrary code execution via the opened "door" inside the affected browser. Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements. But according to Mr. Ormandy hackers could also exploit the open door in escalation of privileges attacks on the users' machine.
Hundreds of thousands of PC gamers are believed to be affected.
Ubisoft Uplay browser plugin allowed unauthorized acceess to users' machines.
[Image Source: Geek.com]
Affected titles include 5
games, as well as popular titles such as
Driver: San Francisco
. Mr. Ormandy first observed the exploitable plug-in while installing
Assassin's Creed: Revelations
The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]
Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline. Ubisoft defended this policy.
Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.
The incident is eerily reminiscent to the rootkit discovered on Sony Corp. (
) music CDs several years ago. Sony was
subsequently sued and forced into an apology/settlement
for recklessly endangering its users.
As the plug-in does not mask its presence, in its current form it is closer to an exploitable plug-in aka. an accidental Trojan than a rootkit by definition, hence the text was changed to correct this.
This article is over a month old, voting and posting comments is disabled
RE: DRM should be illegal
7/31/2012 12:52:51 PM
Seriously? All software should simply be open source because essentially profit and software do not go hand in hand?
I have to say I can't disagree more with your opinion (to which you are entitled). I too am a developer and luckily we do not face any real piracy as we have a niche group of customers. So for that, I am thankful... because IF we did, almost surely jobs would be lost.
The thought that someone would invest time and money into something that (if I understand you correctly) essentially returns no profits just isn't sensible from a real life practicality point of view.
You're also assessing the current pay model with manufacturing which in itself is not a good comparison. Maybe we should measure the benefits received as a result of the contribution of the developers/business? If you don't want to pay for it, you must not need it. Or, if you do, why shouldn't the developers/business be rewarded?
Because it doesn't cost to replicate? It actually does almost always cost because ultimately someone needs to be funded to write it anyways.
Idk, I'm not disrespecting your opinion, and I get your basis (I like to play devils advocate and have used that very same arguement to argue the point you are, except it was movies and music) I just don't agree with it at the end of the day.
Because a bueinss model can be more efficient or isn't restricted to the physical contraints of material objects manufactured and sold doesn't invalidate its value. It does not imply it should be free unless the authors/owners decide they want to give it away. We have the right NOT to pay for it and not use. To not pay for it AND circumvent what has been implemented to protect their investment is frankly what is wrong IMO. Not that I agree with those implementations being invasive (like rootkits, which it turns out this is not) but I totally would secure my investment. You'd be foolish not to. It's about profits, not charity (most of the time)
RE: DRM should be illegal
7/31/2012 3:58:54 PM
I think a big part of the problem in general is that people do not think of digital goods the same as they do physical. Because it can be copied 100% with the push of a button, suddenly it seems as if it took no work to create and its not harming anyone if you just take it. A very small percentage of people in the first world would even steal a candy bar from a grocery store, but a very large percentage of them have, would, and do steal digital goods. Its a dangerous attitude that could ultimately lead to complete devaluation of all art forms that can be distributed digitally. Stealing digitial goods is awesome so long as there is a huge library of good content to steal from, but if the monetary incentive dries up, nobody will be producing those goods anymore for everyone to steal. Rampant, casual piracy has just been a normal part of daily life in East Asia, Russia, and eastern Eurpoe for the last 30 years or so, but they couldn't have had access to that catalog of free content were it not for all the people supporting its production by paying for it in the USA, UK, France, etc. It's kind of like socialism/communism. It works great until your stockpile of rich people on which you have been feeding is dried up. The scary/sad part is, in the first world, especially among the youth, the attitude that digital content has no intrinsic value is only getting more prevalant year after year.
RE: DRM should be illegal
8/1/2012 7:37:14 AM
In general, I think the upcoming generation doesn't really have a firm grasp on nor do they seem to place or assess any real value in much of anything.
I agree with all of what you've said though.
"If you mod me down, I will become more insightful than you can possibly imagine." -- Slashdot
"Call of Juarez: The Cartel" Angers Critics, May be Banned in Mexico
February 22, 2011, 10:01 AM
Assassin's Creed II Stabs Its Way to Success With 1.6 Million Units Sold
November 26, 2009, 9:00 AM
The EFF Wants You to Know About Sony BMG Settlement
March 13, 2006, 2:17 AM
Microsoft Wants Windows 8.1 Inside Children's Toys, Appliances
August 20, 2014, 3:20 PM
Report: Windows 9 “Threshold” Tech Preview Coming Next Month
August 15, 2014, 11:29 AM
EA Access Subscription Gaming Service Now Open to All Xbox One Users
August 11, 2014, 4:32 PM
Quick Note: Windows Phone Store Surpasses 300,000 Apps
August 8, 2014, 12:30 PM
China Kicks Symantec, Kaspersky Off Approved Software List
August 4, 2014, 1:48 PM
Nintendo Reports Yet Another Quarterly Loss, Sells 510,000 Wii U Consoles
July 30, 2014, 12:00 PM
Most Popular Articles
Lumia 830 Gets Major Upgrades Including New 20.1 Megapixel Toshiba Sensor
August 15, 2014, 6:00 PM
Windows Phone, BlackBerry Smartphone Market Share Falls to 2.5%, 0.5% Respectively
August 15, 2014, 9:44 AM
GM Concedes That the Cadillac ELR Doesn’t Really Compete with the Tesla Model S
August 15, 2014, 5:42 PM
Cell Phone Thief Calls 911 After Her Victim Chases Her and Her Male Cohort
August 14, 2014, 12:11 PM
Smarter Wired, Wireless Chargers Set to Shake Up Mobile Industry
August 14, 2014, 6:39 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information