• Exploit in Uplay service allows hackers a backdoor to any computer running it
[URL]http://www.rockpapershotgun.com/2012/07/30/psa-possible-security-risk-in-some-ubisoft-pc-games/[/URL]

[QUOTE] We’re currently investigating the full extent of this, but moralising and recrimination can come later. For now, the important thing is to warn folks who have certain Ubisoft games installed on their PCs that an apparent backdoor has been discovered in the Uplay infrastructure/DRM which may in theory allow anyone so minded to install God knows what horrors on your PC. It isn’t confirmed as definite, but certainly proof of concept code is calling up Uplay windows and then loading other programs from websites that have nothing to do with Ubisoft. If Uplay is on your PC, I urge you to uninstall it and any games that use it immediately, until we know more.

[B]Update: the flaw lies specifically in a browser plugin Uplay quietly installs, and the general consensus is now that’s all you need to remove to protect yourself. See below for details on how to rid your PC of it.[/B]

Essentially, as described [URL="http://news.ycombinator.com/item?id=4311264"]here[/URL], with the right piece of code any website can call up a Uplay window and from that might be able to slip a program install or launch of their choice onto your PC. Were someone with malevolent intent to inject the code onto a commonly-visited website, they might be able to gain control over any number of PCs – or install keyloggers, viruses and the like, or just plain old wipe your hard drive. The web security expert we chatted to says this could even occur via an email link, making this exploit a phisher’s dream if it’s as bad as it sounds. Says the expert we spoke to, “you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. It is a genuine threat. All it would take is an exploited wordpress, say.”

But I come here not to sensationalise, but to warn. With news of this backdoor spreading like wildfire and proof of concept code already out there, there’s a very real chance that someone will try to achieve something unpleasant with it before Ubisoft can shut it down. That’s presuming it is what it appears to be, of course – this may turn out to be an exaggeration, especially as the internet does so love to mock Ubi’s notorious DRM, but so far the evidence very much points to this being as dangerous as it sounds. I’ve contacted Ubisoft for comment and will update as and when we know more. There’s been no response as yet, and other sites are reporting similar silence.

The fault does appear to specifically lie with a browser plugin Uplay installs rather than Uplay itself, so remove that from your Firefox/Chrome/IE/etc extensions as a priority, but I’m erring on the side of extreme caution and advocating the removal of anything associated with Uplay until this apparent threat is dealt with. Here’s how to locate and disable the errant plugin:

[B]Firefox: Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins[/B]
[B]Chrome: Visit about:plugins and disable[/B]
[B]Opera: Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete[/B]
(Via [URL="http://www.rockpapershotgun.com/forums/showthread.php?5725-Ubisoft-DRM-is-a-security-risk#4"]Revisor on our forums[/URL]).

Contrary to what some parts of the web are currently screaming, this is not a rootkit – it’s an exploit in a browser extension. Alas, the vast majority of folk with said browser extension will have been hitherto unaware that Uplay had installed it. You can find the games which apparently include the exploit listed below. If you have any of them on PC, I would urge you to uninstall them and any Uplay applications as soon as possible as a precautionary measure. If you have any of these games on your PC, you can also see the apparent exploit harmlessly in action with the link [URL="https://news.ycombinator.com/item?id=4311264"]here[/URL].

We’ve tested with a PC that has never had Uplay installed on it. The exploit didn’t work at all. After installing Uplay alone, immediately the test link did indeed work, calling up the Uplay window, and then with that, booting the Windows Calculator. After uninstalling Uplay, the exploit once again didn’t work.

[IMG]http://www.rockpapershotgun.com/images/12/jul/uplay2.jpg[/IMG]

Calculator’s hardly scary of course, but if someone could use the exploit to slip another program onto your PC or run command lines, anything could happen. Frightening – even if there is still something of a question mark over exactly what level of access a nasty soul could go on to achieve. Additionally, this software would appear to allow Ubisoft to monitor PCs running Uplay, but again let’s wait for more details before any hammers of judgement are wielded.

It appears versions of some of these games are Uplay-free and thus in theory safe, but again it may be better to be paranoid than sorry. You can always reinstall later, right? I’d also urge you to check your list of installed programs in Windows, just in case an old install of the Uplay launcher/plugin is hanging around despite your having previously uninstalled any games that used it. Here’s the list of titles known to be affected:

Assassin’s Creed II
Assassin’s Creed: Brotherhood
Assassin’s Creed: Project Legacy
Assassin’s Creed Revelations
Assassin’s Creed III
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy’s H.A.W.X. 2
Tom Clancy’s Ghost Recon: Future Soldier
Tom Clancy’s Splinter Cell: Conviction
Your Shape: Fitness Evolved

I’m not at all certain that list is complete, given other games are known to use Uplay – From Dust, for instance. Check your program installs and browser extensions/plugins for any trace of it regardless – it might be there from an older install even though the game that carried it is no longer on your PC. Again, more news as we have it.[/QUOTE]

Basically, the ActiveX plugin UPlay installs allows access to anything on your computer. Recommended you either uninstall the affected games and the service or disable the plugin from your browser. [editline]30th July 2012[/editline] Also, please move this to General Gaming if necessary - it's just vital to get a thread on this ASAP before anyone manages to actually get to use this exploit.
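Added example, not part of the original post or the quoted article: a read-only PowerShell check for the leftover Uplay installs and plugin registrations the article says to look for. It assumes the plugin is registered under the standard MozillaPlugins registry keys and that matching the substring "uplay" is sufficient; the thread gives neither the plugin's file name nor its registry key.

```powershell
# Read-only audit for leftover Uplay components. Nothing is removed or changed.
# Assumption: the substring "uplay" is a heuristic match; the thread does not
# name the plugin file or its registry key.
$pattern = 'uplay'

# 1. Installed programs: machine-wide (64- and 32-bit views) and per-user.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$programs = @(
    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $pattern } |
        Select-Object @{n='Kind';e={'Installed program'}},
                      @{n='Name';e={$_.DisplayName}},
                      @{n='Location';e={$_.InstallLocation}}
)

# 2. NPAPI browser plugins registered under MozillaPlugins
#    (assumed registration method for the Uplay plugin).
$pluginRoots = @(
    'HKLM:\SOFTWARE\MozillaPlugins\*',
    'HKLM:\SOFTWARE\WOW6432Node\MozillaPlugins\*',
    'HKCU:\SOFTWARE\MozillaPlugins\*'
)
$plugins = @(
    Get-ItemProperty -Path $pluginRoots -ErrorAction SilentlyContinue |
        Where-Object { "$($_.PSChildName) $($_.Description) $($_.Path)" -match $pattern } |
        Select-Object @{n='Kind';e={'Browser plugin (NPAPI)'}},
                      @{n='Name';e={$_.PSChildName}},
                      @{n='Location';e={$_.Path}}
)

# Report: an empty result means nothing matched in the locations checked above.
$findings = $programs + $plugins
if ($findings.Count -eq 0) {
    'No Uplay program or plugin registration found in the checked locations.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A plugin dropped directly into a browser's own plugins folder would not appear in these registry keys, so the per-browser check listed in the article (for example about:plugins in Chrome) is still worth doing.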
I have all of the AC games and this plugin never installed. Is it because I use Chrome or? [editline]Edited:[/editline] I looked in the wrong place. It's in about:plugins
Thanks for sharing this. I just finished playing GR: Future Soldier and uninstalled it. Checking some junk left, I discovered some remnants in the registry and some empty folders that belonged to uplay's player and service.
[B]Visit this page to test if you're vulnerable:[/B] [url]http://pastehtml.com/view/c6gxl1a79.html[/url] If you have the exploit, your windows Calculator will open.
Thanks for sharing this, I've disabled it, even though Anno 2070 isn't on the list.
Namelezz, Kaspersky finds that url as a phishing URL and blocks it. You might want to double check it...
if you are using chrome you can type about:plugins into the URL bar and disable Uplay plugin from there
[QUOTE=Namelezz!;37001341][B]Visit this page to test if you're vulnerable:[/B] [url]http://pastehtml.com/view/c6gxl1a79.html[/url] If you have the exploit, your windows Calculator will open.[/QUOTE] Is the uplay client supposed to open? [QUOTE=HendoV2;37001371]if you are using chrome you can type about:plugins into the URL bar and disable Uplay plugin from there[/QUOTE] Oh there it is. Thank you very much!
[QUOTE=irukandji;37001364]Namelezz, Kaspersky finds that url as a phishing URL and blocks it. You might want to double check it...[/QUOTE] Kaspersky is garbage.
[QUOTE=irukandji;37001364]Namelezz, Kaspersky finds that url as a phishing URL and blocks it. You might want to double check it...[/QUOTE] It's the link provided in the article. It opens the ActiveX plugin and executes a test command that opens the calculator.
[QUOTE=irukandji;37001364]Namelezz, Kaspersky finds that url as a phishing URL and blocks it. You might want to double check it...[/QUOTE] Probably because of oh I dunno The exploit
[QUOTE=Blackbird88;37001373]Is the uplay client supposed to open?[/QUOTE] I'm not at home to test this myself at the moment, so I can only rely on the article.
Thankfully i don't have Uplay anymore, and that page you linked didn't open my calculator so i THINK i'm safe.
That's a major fuckup. The exploit is so easy, it's not even funny.
Had the exploit. Thanks OP, just saved me a possible future mega stress.
[QUOTE=Namelezz!;37001341][B]Visit this page to test if you're vulnerable:[/B] [url]http://pastehtml.com/view/c6gxl1a79.html[/url] If you have the exploit, your windows Calculator will open.[/QUOTE] with Uplay plugin enabled in chrome i tried this and my calculator opened, oh fuck
[QUOTE=HendoV2;37001402]with Uplay plugin enabled in chrome i tried this and my calculator opened, oh fuck[/QUOTE] Just disable the plugins then.
[QUOTE=HendoV2;37001402]with Uplay plugin enabled in chrome i tried this and my calculator opened, oh fuck[/QUOTE] remove the uplay plugin from your browser
[QUOTE=Terminutter;37001408]Just disable the plugins then.[/QUOTE] [QUOTE=kaukassus;37001411]remove the uplay plugin from your browser[/QUOTE] yeah i did but was just testing it kinda worried though cause i played driver san francisco a few days ago
[QUOTE=SomeDumbShit;37001374]Kaspersky is garbage.[/QUOTE] Almost fell from my chair laughing. I consider Kaspersky Internet Security as the best all-in-1 security tool for my home PCs and the one back at office. Now, if you can't afford it, or you run it on a crappy laptop, you don't deserve it and might consider it shitty. Try Avira/Panda and good luck on stopping anything trojan/phishing/browser related problems.
I'm more worried that Uplay silently installs shit onto your PC without actually telling you.
[QUOTE=irukandji;37001422]Almost fell from my chair laughing. I consider Kaspersky Internet Security as the best all-in-1 security tool for my home PCs and the one back at office. Now, if you can't afford it, or you run it on a crappy laptop, you don't deserve it and might consider it shitty. Try Avira/Panda and good luck on stopping anything trojan/phishing/browser related problems.[/QUOTE] Brand loyalty: the post.
[QUOTE=Instant Mix;37001432]I'm more worried that Uplay silently installs shit onto your PC without actually telling you.[/QUOTE] It's a massive security and privacy concern if they install stuff on your system which isn't even secured. Every website that has added the 2-3 lines of JavaScript code can execute/install any program onto your system, or delete every file.
[QUOTE=Instant Mix;37001432]I'm more worried that Uplay silently installs shit onto your PC without actually telling you.[/QUOTE] Ubisoft DRM is a silent, but very forceful being.
What the fuck just happened?! Suddenly after I read this thread and visited that calculator site, my computer just did a bunch of bizarre things that I've never seen before! Reversing button presses, capslock is on when it's off, etc. But it's gone now! What the fuck! I mean, did I do it, or something else?
I have AC:R, but I can't seem to find the plugin. It isn't shown in about:plugins or my plugin menu, so wat
[QUOTE=irukandji;37001422]Almost fell from my chair laughing. [b]I consider[/b] Kaspersky Internet Security as the best all-in-1 security tool for my home PCs and the one back at office. Now, if you can't afford it, or you run it on a crappy laptop, you don't deserve it and might consider it shitty. Try Avira/Panda and good luck on stopping anything trojan/phishing/browser related problems.[/QUOTE] there's your problem
[QUOTE=irukandji;37001422]Almost fell from my chair laughing. I consider Kaspersky Internet Security as the best all-in-1 security tool for my home PCs and the one back at office. Now, if you can't afford it, or you run it on a crappy laptop, you don't deserve it and might consider it shitty. Try Avira/Panda and good luck on stopping anything trojan/phishing/browser related problems.[/QUOTE] There's no way you're serious.
Why is it always Ubisoft that encounters major DRM problems?
[QUOTE=irukandji;37001422]Almost fell from my chair laughing. I consider Kaspersky Internet Security as the best all-in-1 security tool for my home PCs and the one back at office. Now, if you can't afford it, or you run it on a crappy laptop, you don't deserve it and might consider it shitty. Try Avira/Panda and good luck on stopping anything trojan/phishing/browser related problems.[/QUOTE] Microsoft Security Essentials + SpyBot: S&D + Malwarebytes > your shit