Published on March 19th, 2013 | by Callum Shephard0
Exploit In EA Origin Store Leaves Users Vulnerable To Hacking
Just when you think things can’t get any worse for Electronic Arts, it turns out they quite easily can.
While running a series of tests on EA’s Origin online store, security company ReVuln have uncovered a major exploit within its programming. One which would effectively allow someone with the right amount of knowledge of how the system works to screw with a user’s PC and upload a malicious code to cause problems for them. Effectively remotely hacking other users’ computers.
The exploit in question has been described as follows by ReVuln researchers Donato Ferrante and Luigi Auriemma in a paper detailing the exact issue: “The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism. In other words, an attacker can craft a malicious internet link to execute malicious code remotely on [a] victim’s system, which has Origin installed.”
The worst part about all this is that this exploit doesn’t have to rely upon a person buying new games or looking up new items online. It works by having someone replace the links which launch games which have already been downloaded with those which lead to other sites or locations where something can be uploaded onto the computer in question.
Speaking to Polygon on the matter, security adviser Michael McKinnon of AVG Technologies stated that the problem comes from Origin’s use of “custom “URI” links” which allows users to “cross seamlessly between web pages and the application”. He described it as being a necessary evil which left the system open for such an exploit but further stated that custom “URI” links are not unique to Origin. Being present in a number of other common applications such as iTunes. McKinnon further added that: “To protect themselves, users should be disabling the “origin://” link from being triggered in their browsers, although I suspect for many Origin gamers this might be impractical, so instead they could consider configuring their browser to prompt them instead”.
Further details on the nature of the exploit and the problems can be found in the links above, but thankfully it appears that there is no evidence it has been identified or used by anyone else. One additional way which has been detailed to help avoid the issue is by launching Origin titles directly through the service rather than through shortcuts or desktop icons. This is not a perfect way to avoid it however as in some cases it can be executed without interaction from the computers’ owner in any way.