IT risk management

Isolate games PCs warns researcher after Ubisoft flaw comes to light

Warwick Ashford

A researcher who discovered a security flaw in Ubisoft's Uplay gaming application said PCs used for gaming should be isolated from business and other networks.

"I air-gap the machine I use to play games," said Tavis Ormandy, a Google employee and security researcher, in a posting on a mailing list for information security experts.

In recent years, security experts have warned that security vulnerabilities in gaming software could be a risk to business too because a lot of employees are playing these games on company-issued computers.

According to Ormandy, he noticed that the installation procedure for Assassin's Creed Revelations created a browser plug-in for its accompanying Uplay launcher, which "grants unexpectedly (at least to me) wide access to websites".

It was discovered that any website could force users with the Uplay plug-in to open any program on their PC, according to the BBC.

PC games maker Ubisoft immediately released a security update to fix the vulnerability, which could potentially allow attackers to take control of gamers' computers.

The Uplay software, which enables gamers to earn points and rewards, is bundled with Ubisoft's major titles such as Assassin's Creed and Call of Juarez:San Francisco.

The games maker has called on all users to update their version of the software immediately.

"We recommend that all Uplay users update their Uplay PC application without a web browser open. This will allow the plug-in to update correctly," the company said.

Ubisoft said an updated version of the Uplay PC installer with the patch is also available from Uplay.com.

The problem was initially reported as being a form of rootkit used for monitoring the Ubisoft's digital rights management (DRM) system, but the company denied this in a statement.

"The issue is not a rootkit. The Uplay application has never included a rootkit. The issue was from a browser plug-in that Uplay PC utilises which suffered from a coding error that allowed systems usually used by Ubisoft PC games developers to make their games," the statement said.


Image: Hemera/Thinkstock


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy