EA’s Origin leaves 10 million customers vulnerable to hacking


There is simply no such thing as a perfectly secure digital system. Multibillion dollar companies like Sony have proven time and again that even after spending huge sums of money to build safe online entertainment stores and networks like the PlayStation Network, hackers will find a weakness in its façade. Electronic Arts has also spent a large sum of money to transform its multiple digital businesses into one all-encompassing network called EA Origin. It turns out that even Origin is exploitable, according to one security company. 

Donato Ferrante and Luigi Auriemma of the security company ReVuln found that by manipulating the way Origin opens video games through its client—the application that people use on their PCs to purchase and play games through EA Origin—hackers could potentially trick people’s machines into launching malicious code. For example, a player firing up Battlefield 3 could instead accidentally launch a keylogger, a program that remotely records their keyboard inputs to reveal sensitive information. Hackers would already need to know personal information about a player’s Origin account for the exploit to work, but the pair said it would be easy to work around this since Origin doesn’t lock out an account if a user fails to enter the correct security information multiple times.

“An attacker can craft a malicious internet link to execute malicious code remotely on victim’s system which has Origin installed,” wrote ReVuln’s researchers.

EA told Ars Technica that it’s investigating the vulnerability and will attempt to fix it.

Many would-be contenders to Steam’s digital video game distribution crown have revealed themselves to be vulnerable in the past year. Shortly after changing its digital rights management network Uplay into a distribution channel for its games, Ubisoft discovered that it was also leaving its customers vulnerable to digital attacks. Uplay’s problem was actually much worse than Origin’s vulnerability, since the Uplay client was accidentally installing an exploitable plug-in on people’s PCs without their permission. “The browser plug-in that we used to launch the application through Uplay was able to take command line arguments that developers used to launch their games while they’re being made,” said Ubisoft in July 2012, “This weakness could allow the application to specify any executable to run, rather than just a game. This means it was possible to launch another program on the machine.”

ReVuln’s techs said that around 10 million customers were vulnerable thanks to the chink in EA Origin’s armor.

Source: BBC


Popular Android navigation apps are just Google Maps with ads, researcher says

A malware researcher found that 19 free Android navigation apps on the Google Play Store were nothing more than Google Maps, but with ads. One of the apps asked for a payment to remove the ads, while some of them presented security risks.
Smart Home

Amazon patents a technology to help Alexa fight fake voice attacks

Amazon filed a patent this month for a new technology that looks like it would help its digital assistant Alexa fight fake voice attacks that could potentially fool Alexa's biometric security protocols.

‘Fortnite’ security flaw let hackers spy on players through microphones

A security vulnerability found in Fortnite allowed hackers to gain access to other players' accounts, potentially letting them spy on conversations using the in-game microphone. It has been addressed.

Is your PC slow? Here's how to restore Windows 10 to factory settings

Computers rarely work as well after they accumulate files and misconfigure settings. Thankfully, with this guide, you'll be able to restore your PC to its original state by learning how to factory reset Windows.

Here's where Xur is and what he has for wares this week in 'Destiny 2: Forsaken'

The weekly vendor in Destiny 2: Forsaken always brings Exotic weapons and armor, some of the toughest loot to find in the game. Here's everything you need to know to track down Xur: Where he is, when he shows up, and what he's stocking.

You could be gaming on AMD’s Navi graphics card before the end of the summer

If you're waiting for a new graphics card from AMD that doesn't cost $700, you may have to wait for Navi. But that card may not be far away, with new rumors suggesting we could see a July launch.

Blizzard’s latest hiring spree is likely for the unannounced ‘Diablo 4’

Activision Blizzard is hiring for more than a dozen positions on unannounced Diablo projects. Some of the roles are likely for the unannounced Diablo 4, the next mainline entry in the series.

Sharing your best gameplay moments is quick and easy on the Xbox One

The current generation of consoles make it easier than ever to share your gaming highlights with the world. Here's a quick guide on how you can record a gameplay video on Xbox One.

Everything we know about 'Red Dead Online', including the new mode Gun Rush

Red Dead Online will gradually rolled out to Red Dead Redemption 2 players via a beta. We've got all the details about the beta's suite of competitive and cooperative modes, as well as what to expect going forward.

Xbox One X vs. PS4 Pro: Which console is more powerful?

Far from cooling down, the console wars are only getting more intense. We compare Microsoft's Xbox One X to Sony's PlayStation 4 Pro to help you decide which premium console is right for you.

Fortnite V-Bucks being used by criminals for money laundering on dark web

Criminals are using Fortnite's V-Bucks for money laundering schemes on the dark web. Epic Games, apparently, is not doing enough to prevent the game from being used for the illegal activity.

Relive the 8-bit gaming era with the best NES emulators for Android and PC

For years prior to the release of the NES Classic, emulators have offered a means to every NES game ever created without needing the console. Here are the best NES emulators for Android and PC.

Mortal Kombat 11 Kollector’s Edition comes with a life-size Scorpion mask

The Mortal Kombat 11 Kollector's Edition will come with a human-sized replica of the mask of Scorpion, one of the most iconic fighters of the series. NetherRealm Studios has also announced the game's preorder bonuses.

Xbox app lets you access your console while away from home. Here's how

Microsoft's Xbox allows you to access your profile information and launch media content directly from your mobile device. Check out our quick guide on how to connect your smartphone to an Xbox One.