backtop


Print 62 comment(s) - last by NellyFromMA.. on Aug 1 at 7:37 AM

Assasin's Creed installs dangerous software -- can we say "class action lawsuit"?

Google, Inc. (GOOG) engineer Tavis Ormandy has created a world of woe for French software giant Ubisoft Entertainment S.A. (EPA:UBI) after he revealed that the company was endangering customers by installing dangerous software that opened a back-door to their machines.

Ubisoft is well known for its best-selling Assassin's Creed, Rayman, and Far Cry franchises, as well as a number of Tom Clancy titles (e.g. the Splinter Cell series).  But according to Mr. Ormandy, Ubisoft's recent software comes with a dangerous attachment -- a browser plugin designed to support the company's secured Uplay service.

The browser plug-in acts as an accidental Trojan, allows arbitrary code execution via the opened "door" inside the affected browser.  Ubisoft uses the plugin to check if the installed title is valid, allowing gamers access to online play and achievements.  But according to Mr. Ormandy hackers could also exploit the open door in escalation of privileges attacks on the users' machine.

Hundreds of thousands of PC gamers are believed to be affected.

Uplay Uplay
Ubisoft Uplay browser plugin allowed unauthorized acceess to users' machines.
[Image Source: Geek.com]

Affected titles include 5 Assassin’s Creed games, 3 Tom Clancy games, as well as popular titles such as Driver: San Francisco, and Settlers 7.  Mr. Ormandy first observed the exploitable plug-in while installing Assassin's Creed: Revelations.

Assassin's Creed
The exploitable plug-in came with installs of Assassin's Creed titles. [Image Source: IGN]

Ubisoft had already upset customers with its DRM scheme, as many complained that they had legitimately purchased titles, but were being locked out of gameplay when their machines were offline.  Ubisoft defended this policy.

Now it may be forced to defend itself in court against class action lawsuits for endangering its loyal customers.

The incident is eerily reminiscent to the rootkit discovered on Sony Corp. (TYO:6758) music CDs several years ago.  Sony was subsequently sued and forced into an apology/settlement for recklessly endangering its users.

Note: As the plug-in does not mask its presence, in its current form it is closer to an exploitable plug-in aka. an accidental Trojan than a rootkit by definition, hence the text was changed to correct this.

Sources: SecLists, Geek, Ycombinator News



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: DRM should be illegal
By augiem on 7/31/2012 3:58:54 PM , Rating: 2
I think a big part of the problem in general is that people do not think of digital goods the same as they do physical. Because it can be copied 100% with the push of a button, suddenly it seems as if it took no work to create and its not harming anyone if you just take it. A very small percentage of people in the first world would even steal a candy bar from a grocery store, but a very large percentage of them have, would, and do steal digital goods. Its a dangerous attitude that could ultimately lead to complete devaluation of all art forms that can be distributed digitally. Stealing digitial goods is awesome so long as there is a huge library of good content to steal from, but if the monetary incentive dries up, nobody will be producing those goods anymore for everyone to steal. Rampant, casual piracy has just been a normal part of daily life in East Asia, Russia, and eastern Eurpoe for the last 30 years or so, but they couldn't have had access to that catalog of free content were it not for all the people supporting its production by paying for it in the USA, UK, France, etc. It's kind of like socialism/communism. It works great until your stockpile of rich people on which you have been feeding is dried up. The scary/sad part is, in the first world, especially among the youth, the attitude that digital content has no intrinsic value is only getting more prevalant year after year.


RE: DRM should be illegal
By NellyFromMA on 8/1/2012 7:37:14 AM , Rating: 2
In general, I think the upcoming generation doesn't really have a firm grasp on nor do they seem to place or assess any real value in much of anything.

I agree with all of what you've said though.


"We basically took a look at this situation and said, this is bullshit." -- Newegg Chief Legal Officer Lee Cheng's take on patent troll Soverain














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki