Origin vulnerability lets attackers hijack gaming machines

By on March 19, 2013, 2:00 PM

Upwards of 40 million users of EA's Origin game platform could be open to a vulnerability that allows an attacker to remotely execute malicious code. Demonstrated by ReVuln on Friday at the Black Hat security conference in Amsterdam, the process requires Origin's client to be installed on the victim's machine and it can be exploited when the user clicks a specially crafted link.

The issue stems from Origin's use of specific uniform resource identifiers (URIs) to communicate with games. When Origin launches a title, it sends an "origin://LaunchGame/" URI that may also contain custom command line arguments known as "CommandParams." In ReVuln's demo, for instance, the platform uses "origin://LaunchGame/71503" to open Crysis 3.

Because that link can contain CommandParams, an attacker could deliver a payload targeting software on your system with a couple of simple commands. For example, ReVuln says this would invoke the Nvidia benchmark framework and then download a tainted DLL: origin://LaunchGame//?CommandParams= -openautomate \openautomate.dll.

What's more, as we understand it, Origin doesn't even have to be running -- again, just installed -- and it's possible that an attacker could exploit a system transparently, especially if the person has their system configured to handle origin:// links automatically. As such, at a minimum, folks are encouraged to make sure their browser is set to issue a prompt when handling those links.

If you're looking to clamp down a bit more than that, the researchers recommend that you disable the origin:// URI globally with a tool such as Nirsoft's URLProtocolView. This will prevent you -- and anyone else -- from running games via shortcuts with custom parameters on your system, but ReVuln says you'll still be able to play games by running them directly from Origin's client.
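For anyone who filters web content or reviews proxy logs, the link shape described above is easy to spot. The following Python scanner is an added example, not code from ReVuln, EA or this article's sources: it pulls origin:// links out of text and flags any that carry CommandParams. The function names, the sample page and the percent-encoding of the sample link are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: one plain launch link and one that smuggles arguments.
# Percent-encoding of the space and backslash is an assumption of this example.
SAMPLE_PAGE = '''
<a href="origin://LaunchGame/71503">Play Crysis 3</a>
<a href="Origin://LaunchGame/71503?CommandParams=%20-openautomate%20%5Copenautomate.dll">Free DLC</a>
'''

# Matches an origin:// link up to the next quote, bracket or whitespace.
LINK_RE = re.compile(r"origin://[^\s\"'<>]+", re.IGNORECASE)


def inspect_origin_link(link):
    """Describe one origin:// link; return None for any other scheme."""
    parts = urlsplit(link)
    if parts.scheme != "origin":
        return None
    # Parameter names are matched case-insensitively; blank values still count.
    params = [value for key, value in parse_qsl(parts.query, keep_blank_values=True)
              if key.lower() == "commandparams"]
    args = " ".join(params).split()
    reasons = []
    if params:
        reasons.append("carries CommandParams")
    if any(arg.startswith("-") for arg in args):
        reasons.append("passes a command-line switch")
    if any(arg.lower().endswith(".dll") for arg in args):
        reasons.append("names a DLL")
    return {"link": link, "action": parts.netloc,
            "game_id": parts.path.strip("/"), "args": args, "reasons": reasons}


def scan_text(text):
    """Return findings for every origin:// link in text that has a reason."""
    findings = (inspect_origin_link(m.group(0)) for m in LINK_RE.finditer(text))
    return [f for f in findings if f and f["reasons"]]


if __name__ == "__main__":
    for finding in scan_text(SAMPLE_PAGE):
        print(finding["link"], "->", "; ".join(finding["reasons"]))
```

A plain "origin://LaunchGame/71503" link passes through without a finding; only links that add CommandParams are reported.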

It's worth noting that this isn't a new problem. The same security group exposed a similar issue on Steam last year: maliciously crafted "steam://" links could be used for remote code execution. Valve plugged that hole roughly two days after ReVuln's report was released. It's unclear if or when EA will issue a fix, not least considering it's had five months to act since the Steam issue.




User Comments: 13

1 person liked this | JC713 said:

Not surprised. Origin is a fail.

Sniped_Ash said:

It amuses me to no end that EA copied Steam, but didn't bother to learn from Valve's mistakes.

Guest said:

"It's unclear if or when EA will issue a fix, "

How is it, in any way, unclear whatsoever? It's EA ... the Definitive Answer is "We'll get around to it in a few months"

IAMTHESTIG said:

It amuses me to no end that EA copied Steam, but didn't bother to learn from Valve's mistakes.

I know... Steam was crap when it first came out, but they kept improving their product and service to the point where people are happy now. To top it off, the frequent sales help encourage loyalty.

Origin was crap and still is crap, even after all this time. It doesn't appear they've made any attempts to improve the UI. The only thing I can acknowledge is they are releasing update patches regularly, and some issues have been resolved, but overall it is still crap.

howzz1854 said:

I have to say honestly most of my game purchase decisions have been put off by the exclusivity of the Origin platform. Steam didn't get this popular because they forced every game to be distributed on Steam only. Users had choices of Steam or other direct download methods. It was the variety of options and convenience that made Steam popular; instead EA is going about it all wrong. Apparently EA thinks forcing the users into lack of option will drive sales. With all the negative press lately, and lack of performance on their balance sheet, sometimes I think EA just needs to start it all over fresh.

Skidmarksdeluxe said:

Bah! All game clients are a pain in the posterior. I can easily live without any of them.

Guest said:

You forgot to add "if ever".

JC713 said:

It amuses me to no end that EA copied Steam, but didn't bother to learn from Valve's mistakes.

They used Battlefield 3 as a way to promote it, it helped, but the client still fails.

1 person liked this | TS-56336 said:

Origin itself is one big exploit.

Mbloof said:

Gee I'm sorry. I thought I simply purchased a game from you. I did NOT however give you license to advertise on my desktop and suggest other titles to me.

fimbles said:

A simple way to get around this is to download a no-CD crack and don't install Origin at all.

Copy protection fails again.

TheDreams said:

They used Battlefield 3 as a way to promote it, it helped, but the client still fails.

I'd have to say that Battlefield 3 is the only good game on Origin, that is really the only thing that is holding Origin up.

JC713 said:

They used Battlefield 3 as a way to promote it, it helped, but the client still fails.

I'd have to say that Battlefield 3 is the only good game on Origin, that is really the only thing that is holding Origin up.

Yup, that's what my point was.
