Is Ubisoft's DRM browser plugin a rootkit?
Posted on 30.07.2012
An offhand remark made by Google engineer Tavis Ormandy to a post on the Full Disclosure mailing list has sparked anger in the harts of Ubisoft users, as he shared his discovery of what seems to be a rootkit in the DRM system used by the company.

"() while on vacation recently I bought a video game called 'Assassin's Creed Revelations'. I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for it's accompanying uplay launcher, which grants unexpectedly (at least to me) wide access to websites," he wrote.

"I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it (I'm not really interested in video game security, I air-gap the machine I use to play games). A few minutes in IDA suggests this might work."

DRM systems such as Uplay are used by game companies to check whether the game in question has been legally bought, and to offer additional content. So far, it seems that the opening of the backdoor (some even define it as a rootkit) into the customers' machines was not intentional, but due to a bug.

According to The Sixth Axis, Ubisoft has reacted pretty fast and has patched the hole by issuing a new version of the uPlay software. But, according to some reports, the patch might not be as effective as expected.

Mozilla has blocked the plugin temporarily in Firefox until the bug is fixed, but Internet Explorer and Chrome users are still at risk, and should consider blocking the plugin themselves for the time being.

UPDATE:
"The issue is not a rootkit. The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilizes which suffered from a coding error that allowed systems usually used by Ubisoft PC game developers to make their games," Ubisoft stated to The Register, and advised its users to download and run the Uplay update in order to keep safe.






Spotlight

Staples customers likely the latest victims of credit card breach

Posted on 21 October 2014.  |  Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing with a data breach.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //