July 30, 2012

DRM Rootkit Found In Ubisoft

Enid Burns for - Your Universe Online

Software that comes with most Ubisoft PC game titles has been found to put user computers at risk. Google engineer Tavis Ormandy identified the DRM Rootkit, which opens the (back) door to hackers looking to get into a computer, DailyTech reports.

The risky code comes with installation of Ubisoft's secured Uplay service. Uplay is a Web-based gateway to games, and the publisher uses the service to authenticate the company's software, making sure that the computer has rights to run games such as Assassin's Creed, Splinter Cell, Rayman, and Far Cry. What Ormandy found was that the software installs a browser plug-in that acts as a rootkit, which allows open access to the computer. "Hackers could also exploit the open door in escalation of privileges attacks on the user's machine," DailyTech says Ormandy noted.

The affected titles include five Assassin's Creed games, three Tom Clancy games, Driver: San Francisco and Settlers 7. Ormandy first noticed the rootkit when installing Assassin's Creed: Revelations.

Ormandy apparently discovered the offending software during leisure time. BBC News reports he sent the news to a mailing list for information security experts and hobbyists. He wrote: "While on vacation recently I bought a video game called Assassin's Creed Revelations. I didn't have much of a chance to play it, but it seems fun so far."

He continued: "However, I noticed the installation procedure creates a browser plug-in for its accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites."

Customers who have purchased games from Ubisoft are already upset with the DRM measures Ubisoft uses. Some customers complained that they have legitimately purchased titles, but the software still locks gamers out of playing games when their machines are offline. DailyTech says there is a possibility of a class action lawsuit against Ubisoft, though it's unclear whether customers would take action over being locked out of gameplay or over the Uplay software installing a rootkit that puts user computers at risk.

In order to restore goodwill with its customer base, Ubisoft quickly updated its software to fix the security hole, BBC News reports. The emergency patch was rushed out to computers with registered software from Ubisoft and the Uplay software.

Ubisoft also took several actions to reach its users, in order to ensure that computers were quickly fixed. A community developer with the username Korchaa posted on the Ubisoft forums on Monday to get the word out. "Hi everyone, We have just released a new patch for Uplay PC, which will update your client to version 2.0.4. This patch corrects a flaw in the browser plug-in that was brought to our attention earlier today. We recommend that you update your Uplay PC application without a web browser open, as this will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch is also available from"

Further assurances were included in the post. "Ubisoft takes security issues very seriously, and we will continue to monitor all reports of vulnerabilities within our software and take swift action to resolve such issues," Korchaa said in his post.

The thread was then closed. Further comments from the Ubisoft community were not allowed in this particular thread. One poster in another thread requested Ubisoft post patch release notes. This appears to be unrelated to the rootkit. The user likely wanted to know what bugs were fixed in the update. "Please get the patch release notes so that we know what to expect in the upcoming 1.4 patch? A list of bugs that have been addressed would be very much appreciated," the post said. A quick scan of the forum didn't reveal any reaction to the rootkit issue.