Following on from all the issues surrounding Electronic Arts’ release of Sim City, things seem to be getting worse for the company. Not only are they compensating new Sim City owners due to issues with the online nature of the game but there is now a risk of games being swapped for malicious code via their Origin game store.
The BBC are reporting today that a hack, tested under lab conditions but not believed to have been exploited in the wild as of yet, can be used to run malicious code on a target machine –
“In lab experiments, the researchers exploited a loophole in the way Origin handles links to games users have downloaded and installed to make it run code that compromised a target machine.”
Its based around the way that Origin links to games that one of their users has purchased. These links usually link to games that the user has installed – clicking on them will run the game as expected. However, the links also work with a web syntax that could be redirected to install malicious code and run it on the user’s machine instead.
You shouldn’t be too worried about it at this time as there is, thus far, no evidence to suggest that it has been used outside of the testing undertaken by RiVuln who discovered it. Additionally, some personal info about the user is required to make it work though Origin don’t block multiple attempts at guessing this so a script could easily be written to continually guess the details until successful.
With any luck the BBC reporting will prompt a quick response and fix from EA….
photo: James Cridland