Report: Security Hole Found in Ubisoft's DRM Scheme

July 30, 2012 -

Update: The BBC is reporting that Ubisoft has rushed to patch the exploit unearthed by a Google engineer in its Uplay DRM. The company also issued instructions for Uplay users:

"We recommend that all Uplay users update their Uplay PC application without a Web browser open," Ubisoft said. "This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from Uplay.com."

Original Story: Ubisoft finds itself in the midst of another controversy over its DRM scheme this morning. According to Seclists.org, a security hole has been found by a Google Security engineer in Ubisoft's Uplay digital rights management (DRM) software. Discussing what could be a possible rootkit in the DRM, Google security engineer Tavis Ormandy told Seclists about some unexpected behavior in Uplay after installing a copy of Assassin's Creed Revelations on his PC.

"I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it," says Ormandy.

Commenters over at Hacker News have also published a "proof of concept URL" that allows someone to exploit a vulnerability in a browser plugin installed by Uplay. They were able to use this launch the Windows calculator.

"Ubisoft installs a backdoor that allows any website to take over your computer," says one commenter.

Ubisoft hasn't publicly commented on the story yet. The Uplay DRM scheme is supposed to stop piracy, but that doesn't explain why it includes a rootkit in the mix. We'll have more on this story as it develops.

Source: Polygon


Comments

Re: Report: Security Hole Found in Ubisoft's DRM Scheme

As I understand, the problem isn't really with any of the DRM functionality (or even a rootkit) so much as it is with sloppy coding in the Uplay browser plugin -- it's presumably supposed to allow you to launch a game from the website (I don't know for certain since I don't have any Upay-enabled PC games installed), but it can instead launch any program you tell it to.

It has been reported that the security hole is now fixed, so you'll probably want to grab the updater off Uplay.com if you're affected.

Re: Report: Security Hole Found in Ubisoft's DRM Scheme

I think the problem isn't "it can arbitrarily launch any program," since I doubt the Uplay nonsense has a list of executables that are part of its library. The issue is "there's no way to make sure that an Ubisoft website is doing this," and those other websites would obviously not be launching harmless programs.

Re: Report: Security Hole Found in Ubisoft's DRM Scheme

It wouldn't need to have such a list. The plugin could receive a command along the lines of "launch Assassin's Creed II", upon which it could check the registry to see if a Uplay enabled game with that title was installed, and if so in what folder. Yes, if something malicious was able to edit the registry that could be problematic, but if you already have the capacity to do something like that odds are you've reached the "execute arbitrary code" stage without involving Uplay to begin with.

Re: Report: Security Hole Found in Ubisoft's DRM Scheme

Is it the inclusion of the root kit that is the problem? Also, does anyone have any idea how including the root kit would benefit Ubisof?

-----------------------------------------

Managing Editor at TheBestGameSiteEver.com

 
Forgot your password?
Username :
Password :

Poll

Should 'Hatred' have been removed from Steam Greenlight?:
 

Be Heard - Contact Your Politician