Security loophole found in EA’s origin which can used to embed malicious code

Recently, researchers were able to exploit Origin game store’s loophole which shows that gamers who download their favorite EA title could compromise their systems, although there is no evidence currently that the loophole is being used by hackers.

According to the report, Origin used a web-like syntax which keeps a track record of games installed on a computer so that they can the can be quickly started when the user chooses to run the game. The same syntax can be used to embed a malicious code instead of a game.

The researchers Mr. Gerrante and Mr Auriemma from Revun, a security company and who wrote a detail report noted,”An attacker can craft a malicious internet link to execute malicious code remotely on victim’s system, which has Origin installed.”

They’ve also said that the hackers have to know some ID information about a certain player in order to use this vulnerability. But also said that its easy for hackers to work around this as Origin did not prevent any repeated attempts to guess information.

During Black Hat Europe conference, a demonstration was shown about this attacked, which showed that a Windows based PC with Origin and EA’s Crysis 3 was taken over by their malicious code. The pair who showed this demonstration added that the only way for players to protect themselves from this attack was by stopping Origin from launching the games via desktop shortcut.

EA, who is currently investing this exploit, told Ars Technica that the exploit found by the pair as a part of their work helped Origin to be more secure.

Origin was launched in 2011 as a service by EA to download and manages EA owned games and even chat to their friends who are using Origin. Currently there are more than 10 Million people who have an account in Origin. If it were found by a hacker with an intention to harm EA’s users, the results will be catastrophic.

Source: BBC