Slashdot Mirror


Critical Vulnerabilities In Call of Duty: Modern Warfare 3, CryEngine 3

hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine that could harm game makers and players alike. Presenting at the Power of Community (POC2012) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-player's computer." "'Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,' Ferrante said. In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored. 'These are games that have a very large market,' Auriemma said."


  1. Well duh by neo8750 · · Score: 3, Insightful

    Ferrante said. In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored.

    Well of course they care only about performance. It's all their user base really cares about.

    1. Re:Well duh by PhrostyMcByte · · Score: 2

      This is pretty common. Source engine can also be DoSed very easily with corrupt packets. It's one of the reasons I stopped playing Left 4 Dead --- some people can't just lose, they need to be losers.

    2. Re:Well duh by Opportunist · · Score: 4, Insightful

      Because by default we don't expect a game to compromise the security of our machine.

      And, bluntly, I cannot fault the player, while at the same time knowing that games ARE a ticking time bomb. What really ticks me off about it is that there is usually no reason that it has to.

      First of all, a lot of games require admin privileges on Windows, which always keeps me wondering why. What the FUCK is a game supposedly doing in areas where it touches anything that should remotely require admin rights? DRM, anyone? That's actually what really pisses me off, the game doesn't really need the privileges, but the useless crap that serves the player no purpose not only slows the whole crap down but also opens him up for an attack if the game has a security hole.

      Now add that A-titles have a large player base and more and more of them require a network connection (DRM raises its ugly head again there) and see why they are a really interesting target for malware authors. First, unlike OSs and business software, security updates for games are not really a prime concern since there is with some certainty no business involved that could have a legal department which makes your life really unpleasant if your crappy software causes security concerns. The user doesn't worry if the software starts an online connection even if he doesn't intend to have one, since DRM is known to phone home, so firewall rules don't hit and the game has the rights to initiate contact to the outside world. Depending on the game, it might even be necessary to allow incoming connections. And to make matters worse, the game has admin privileges.

      What more could a malware author ask for?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Re:Oh no! by PlusFiveTroll · · Score: 4, Insightful

    Yep, and that patch will clean up your computer after hackers take over the server and run a remote shell on your computer and pilfer any information their botnet can find. Thank god we don't have to write secure software any more since we can patch it any time we need to before the hackers actually run exploits.

  3. Blame the users/consumers/people by tuppe666 · · Score: 3, Insightful

    Well of course they care only about performance. It's all their user base really cares about.

    To be fair...nobody is interested in security until things go wrong, they will and they do. Then it's look for a scapegoat, and the solution is to remove rights and privacy of the individual for the illusion of protection, throw in a few laws, that only affect the law abiding and decent. Then we live in fear.

    ...If it looks like I could be talking about anything...I am; The strategies are the same for everything.

  4. They focus on client level security to some extent by sandytaru · · Score: 2

    I have to do triple double or level security passes, including a one time security token, to get into quite a few MMOs. They had to; many RMT organizations made a profit hacking and looting accounts by using keyloggers to obtain passwords.

    --
    Occasionally living proof of the Ballmer peak.
  5. Patch will soon be here by Tr3vin · · Score: 4, Funny

    On Tuesday the patch for MW3 will be released. Some know it as Black Ops II but it will practically ensure that nobody is left playing MW3.

    1. Re:Patch will soon be here by Anonymous Coward · · Score: 4, Insightful

      MW3. My mind will always translate as Mech Warrior.

  6. Re:They could stop these things... by drinkypoo · · Score: 2

    No actually, the masses are dumb. They don't want their single player games to actually be multiplayer games. However, many of them have been led to believe it is a good thing via techniques of propaganda, which have time and again been proven to be effective at making people make poor decisions. The masses want someone else to make decisions for them. That's why we can't have libertarianism. It only works if people can make their own decisions responsibly, and most people don't even want to make their own decisions.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  7. Re:The remote shell is NOT a surprise by cbhacking · · Score: 4, Insightful

    The importance of the remote shell is not that "if you can get arbitrary code execution, you can get a remote shell" (this is pretty much a tautology). The importance is that it demonstrates the possibility of arbitrary code execution at all. A lot of security vulnerabilities are difficult to actually exploit. In most cases, the best that an attacker will ever achieve is denial of service (a crash, or forced disconnect, or using up all the RAM so the game runs too slowly, or something like that).

    Contrary to what the movies would have you believe, actual exploits are (especially in a modern environment full of vulnerability mitigations) very difficult to produce in most cases. Many security researchers don't even bother with that step; it's enough to find the vulnerability and flag it "probably exploitable".

    --
    There's no place I could be, since I've found Serenity...
  8. Re:They could stop these things... by blahplusplus · · Score: 5, Insightful

    You believe all the propaganda they pushed to get you to accept DRM. Cheats have always been a natural part of playing games provided the player can control who you can play with. Cheaters could cheat to their heart's content in private games and not affect anyone else. Private servers/LAN allow people to choose who they play with, when and where. These centralized servers create huge security and points of failure.

    Not only that but cheating in a single player game you paid for - there's nothing wrong with it because it hurts no one. You are a victim of gaming PR and propaganda. You accept broken and inferior products; that's not a sign of a healthy mind.

  9. Re:Since MW3 is on the same engine as the others.. by Black+LED · · Score: 4, Informative

    They pretty much are. Some of these exploits have existed since the original id Tech 3 engine, on which Modern Warfare 3's engine is originally based. I've been using Luigi's proof of concept tools to do testing on old id Tech 3 engine games that I used to host servers on for years. With his advice I was able to work around certain problems, but not all of them.

    I am not sure how bad the vulnerabilities have become, but back then it was generally buffer overflow exploits that allowed player clients to be crashed, servers to be crashed or even the master server to be crashed. There weren't any exploits that I would consider critical, but they were highly annoying.

  10. Re:They could stop these things... by blahplusplus · · Score: 5, Insightful

    Well yes but THINK about having millions of people playing a SINGLE PLAYER GAME ONLINE, that means huge swaths of computers wouldn't have open ports/be communicating with servers at all if not for 'online drm'. Diablo 3 being a case in point, all these security issues are caused by gaming corporations wanting absolute control over everyone and everything in gaming.

    The point is the whole centralization and DRM make security issues much bigger since companies tend to want control and as much information as possible about users and are careless with data. All that could be avoided if the multiplayer aspects of videogames didn't require being chained to online and all sorts of needing accounts, user info and other nonsense.

    In Quake 3 you didn't need to sign up anywhere to play the damn game and you never had to give out emails or information to anybody. Not only that, requiring users to be online when they play single player just creates a huge attack surface.

  11. Re:They could stop these things... by hairyfeet · · Score: 3, Interesting

    Because the people came to Blizzard with pitchforks and said "We want single player to be online only, with lots of lag and a real money market so you can assrape us on loot!"...ohhh wait, nobody wanted that but Blizzard, which is why I bought Torchlight II instead where I can host my own games and play SP without the net.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  12. Re:Oh no! by sjwt · · Score: 5, Funny

    Are you kidding? Why patch it.. is a feature, after all the future of modern warfare is cyber warfare! Users are now getting extra content for free, they should be thankful they aren't charged for a DLC pack that they are already using!

    --
    You have 5 Moderator Points!
    Which Helpless Linux zealot/MS basher do you want to mod down today?
  13. Re:The remote shell is NOT a surprise by AchilleTalon · · Score: 2

    Contrary to what the movies would have you believe, actual exploits are (especially in a modern environment full of vulnerability mitigations) very difficult to produce in most cases. Many security researchers don't even bother with that step; it's enough to find the vulnerability and flag it "probably exploitable".

    On the other hand, unpatched, unresolved, unfixed security issues will attract hackers until they find a way to exploit them. So, no need to find an easily exploitable scenario to flag them as probably exploitable. Why should someone sit and wait until it becomes exploitable to fix it? It's a kind of security through obscurity you are talking about. I'm sorry, but this must be secure by design.

    --
    Achille Talon
    Hop!