Source Engine bug could allow hacker to take over a PC with CS:GO Steam invite

midian182

Posts: 6,782   +61
Staff member
In brief: If you receive a Steam invite link to play Counter-Strike: Global Offensive (CS:GO), be wary: clicking on it could allow a hacker to take over your computer. If that wasn't bad enough, the bug could be made to spread to other devices, just like a worm.

According to a Motherboard report, the bug is found in Valve's Source Engine used by CS:GO, Dota 2, Team Fortress 2, and others. A security researcher who goes by the name of Florian said he reported the vulnerability to Valve via the bounty program in 2019, but while it has been fixed in almost all of the games, it's still present in CS:GO.

"Florian said that he was able to code an exploit to take advantage of the bug that works 80 percent of the time," writes the publication. He also warned of hackers using it to infect other machines.

"Once you infected somebody this person can be weaponized in order to infect their friends and so on," the researcher explained.

Valve, it seems, has a reputation for not being quick off the mark when it comes to addressing reported bugs. Carl Schou, the founder of the not-for-profit Secret Club group of security researchers, noted that Valve failed to acknowledge two other vulnerabilities reported by members of the group.

"Valve's response has been a complete disappointment right from the start. Our experience has always been slow response times, with little to no patches being pushed to production," he told Motherboard. "They truly don't care about the security and integrity of their games."

Permalink to story.

 

Neatfeatguy

Posts: 299   +431
"They truly don't care about the security and integrity of their games."

They don't even care about the people having to suffer through the countless bugs, crashes and overall mess they forced upon us with the updated UI for Steam. Many issues still plague a lot of people using Steam, but complaints seem to fall on deaf ears because fixes never (or rarely come) and only new unnecessary Steam updates get pushed out.

I haven't supported Valve for 2 years because of how they've been treating people and not fixing issues with their Steam software. I'll keep them on my boycott list of "not to buy from" until they can fix the crap they gave us.
 

Markoni35

Posts: 1,075   +441
Yeah, a "bug". Sure, just a pure accident. It's like saying: "I threw some trash in my backyard and after a few days it accidentally arranged itself into a fully-functioning Bugatti Divo. In every way identical to the real thing. Can't believe how lucky I am."

Lucy, lucky, lucky....