Ubisoft DRM Lets in Remote Attackers, Google Engineer ReportsSubmitted by PWA on Wed, 08/01/2012 - 09:48
Hacker Tavis Ormandy has discovered a serious vulnerability in a well-known PC game DRM system. The Google engineer said that after buying a game from Ubisoft he became aware that its “Uplay” browser plug-in might prove problematic. In the early hours of this morning Ormandy confirmed that the add-on allows remote and “wide access” to machines running the DRM, potentially giving malicious attackers free reign to wreak havoc.
Digital Rights Management (DRM) software is seen as an essential part of life for many games developers. It allows them to control who and who cannot copy, install and otherwise operate their software, usually for the purposes of piracy control.
But all too often DRM hits the headlines when it either fails to do its job or generates unintended side-effects that cause headaches for legitimate users. Today could be the start of a very big headache indeed for Ubisoft and people who have purchased the company’s games.
According to hacker/researcher Tavis Ormandy, the Uplay DRM system designed and operated by Ubisoft could be opening up the company’s customers’ machines to a whole world of hurt.