An exploit has been discovered in EA's Origin service that would allow potential hackers to swap games for pieces of malicious code.
The report comes from the BBC, who cite researchers at a security company called ReVuln. The root of the problem seems to be how the service launches its users' games.
"Like many other programs, Origin uses a web-like syntax to keep track of the places games are found on a computer so they can quickly be started when people want to play," said the BBC. "The two researchers found a way to subvert this syntax to make it point to malicious code instead of a game."
The exploit was demoed at the recent Black Hat Europe conference, with researchers able to install attack code onto a Windows PC through Crysis 3.
EA has since confirmed that it is looking into the issue, and does not believe that the loophole has been exploited by hackers. An EA representative reported to Ars Technica that, "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."
It's an interesting bit of timing, as EA has just announced that Origin has hit a new peak concurrent user milestone, topping 1.3 million. This was due in large part to sales of SimCity, which were recently reported to be over a million copies. With so many users now tied into the Origin framework, we can only hope that EA will be on top of this exploit before it can do any actual damage.
- Contribute to this Story:
- Send us a tip
- Send us a photo or video
- Suggest a correction
