Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

Researchers Identify Security Exploit in Origin

This article is over 11 years old and may contain outdated information
image

Launching Origin on your PC by clicking random links in your browser may not be such a great idea.

EA’s online store Origin doesn’t exactly resonate with core gamers compared to other digital delivery platforms, such as Steam. Unfortunately for EA, it looks like there is one more reason to be wary of its electronic marketplace: a security research company has identified an exploit in the Origin platform that could potentially allow an attacker to execute malicious code on a player’s computer.

Researchers from ReVuln, based in Malta, published the findings in a white paper last month. The exploit focuses on Origin’s use of uniform resource identifiers (URIs), which the program uses in order to enforce DRM protection of its games. ReVuln proposed that malicious users could exploit local vulnerabilities or features by abusing the URI mechanism, such as by creating a malicious internet link that could execute code remotely on a system.

The security researchers recently demonstrated the exploit at a Black Hat security conference in Amsterdam on a system with Origin and Crysis 3 installed. By clicking on a modified URI within a web browser, the researchers were able to run a compromised DLL file on the computer as the game was launching. ReVuln also discovered that attackers could attempt to launch a list of games by brute force, allowing the attacker to exploit a system without knowing what games are available in the victim’s account.

This isn’t the first time that ReVuln has come across this issue, though: the company identified the same vulnerability in Steam’s browser protocol and its use of steam://, which closely resembles the issue found in Origin.

To counter the exploit, ReVuln recommends globally blocking the origin:// URI using a tool such as urlprotocolview. Alternatively, whenever your browser prompts you to always associate origin:// links with the program, you can choose to ignore the suggestion, so you have more control over Origin’s execution if something unexpected happens.

An EA spokesman responded to Ars Technica in regards to the vulnerability, saying that “Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure”.

Source: ReVuln via Ars Technica

Recommended Videos

The Escapist is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission.Ā Learn more about our Affiliate Policy