Ubisoft DRM Lets In Remote Attackers, Google Engineer Reports

KIA

KIA

KIA

Man of Honour
Joined
14 Nov 2004
Posts
13,857
Hacker Tavis Ormandy has discovered a serious vulnerability in a well-known PC game DRM system. The Google engineer said that after buying a game from Ubisoft he became aware that its “Uplay” browser plug-in might prove problematic. In the early hours of this morning Ormandy confirmed that the add-on allows remote and “wide access” to machines running the DRM, potentially giving malicious attackers free reign to wreak havoc.
Click to expand...

http://torrentfreak.com/ubisoft-drm-lets-in-remote-attackers-google-engineer-reports-120730/

Another Ubisoft fail. :rolleyes:
 
RockPaperShotgun have also covered it here. Basically, if you've got the uPlay browser plug-in installed then disable or uninstall it.

The plug-in allows a web page to execute anything on your pc, so an attacker could clear out your documents, download and install a root kit etc. just from you visiting a web page.
 
Does the uPlay browser plug-in automatically install it self when you purchase a game?

Installed AC:R awhile ago, but wasnt aware there even was a plug-in :confused:
 
Scythian said:
Does the uPlay browser plug-in automatically install it self when you purchase a game?

Installed AC:R awhile ago, but wasnt aware there even was a plug-in :confused:
Click to expand...

Yep, it installs itself silently without you knowing. It applies to Ubisoft games installed from Steam as well.

[edit] - The plug-in installs itself during the game installation.
 
This is the last straw for me I'm done with ubisoft on pc. I knew I shouldn't have bought a ubisoft game in the steam sale but I ignored my hesitations because of the discount, I thought the drm wasn't a big deal at a discounted price but this is too much to except. :mad:
 
Updated?

CaptureUPLAY.jpg
 
iviv said:
http://pastehtml.com/view/c6gxl1a79.html

That should be a test page (Linked to by the RPS page). If you have the plugin then it will open uPlay and Calculator.exe on your computer. If you don't have it then your browser will just complain that you don't have the plugin installed.
Click to expand...

Didn't open the calculator, but did Uplay :confused:

EDIT: Once it updated it opened calculater :mad::mad:
 
Weird, got some of the AC games installed and had Uplay installed but no browser plugin... and that test page does nothing. I suppose I should be happy but instead I'm just wondering where the stupid things hiding...
 
In a small amount of credit to ubisoft they've been quick to update it but i don't have anything from Ubisoft on the PC since i reinstalled windows onto my SSD.
 
iviv said:
http://pastehtml.com/view/c6gxl1a79.html

That should be a test page (Linked to by the RPS page). If you have the plugin then it will open uPlay and Calculator.exe on your computer. If you don't have it then your browser will just complain that you don't have the plugin installed.
Click to expand...

Strange, opened in a new tab but nothing happened other than I needed to install a new plug-in. I assumed this meant I safe but if it automatically installed then something may be going wrong? or am I being paranoid? :p
 
You must log in or register to reply here.
Back
Top Bottom