Vulnerability in EA Origin Game Exposed Players to Hackers
Electronic Arts has fixed security vulnerabilities in its Origin online gaming platform after security researchers found that they could trick gamers into remotely executing malicious code on their computers.
The flaw affects Windows users with the Origin application installed. Millions of players use the Origin app to access, download and buy games. To make a game easier to reach from the Internet, the client has its own URL scheme, which lets players open applications and load games from web pages by clicking a link with origin:// in the address. The macOS client is unaffected by the flaw.
“Cyber criminals can use configuration errors on the Microsoft Azure cloud platform and subdomains allegedly ‘abandoned’ by EA,” according to Check Point.
However, two security researchers, Daley Bee and Dominik Penner of Underdog Security, found that the application could be tricked into running any app on the victim’s computer.
“An attacker can do whatever he wants,” according to Daley Bee. According to Bee, the malicious link could be emailed or stored on a web page, but it could also be triggered by combining malicious code with a cross-site scripting vulnerability that is automatically executed in the browser.
The researchers provided the proof-of-concept code to TechCrunch to test the bug. The code allows any application to be executed with the same privileges as the logged-in user. In this case, the researchers opened the Windows calculator to show that they could run remote code on the affected computer.
Worse, a hacker can send malicious commands from PowerShell, a standard application that hackers often use to download additional malicious components and install ransomware.
It is also possible to steal user access tokens with a single line of code so that an attacker can access user accounts without a password.
EA spokesman John Reseburg confirmed that the fix was initiated on Monday. TechCrunch confirms that the code will not work after the update.
“Protecting our players is our priority,” Adrian Stone, EA’s director of game and platform security, said in a statement provided by the security researchers. “As a result of the report from CyberInt and CheckPoint, we engaged our product security response process to remediate the reported issues.”
This is not the first time that Electronic Arts has fixed a cybersecurity issue with Origin. According to TechCrunch, Underdog Security experts discovered a vulnerability in April that could be abused to get players using Windows computers to run malicious code on their computers.