Origin Mimics Steam Security Flaw

Every time I publish a new article about Electronic Arts, a part of me dies a little.

Every time I publish a new article about Electronic Arts, a part of me dies a little. This week (more like this hour), it’s about EA’s direct-download client, Origin, and the massive vulnerability that puts more than 40 million users at risk for third-party exploit. 

Recommended Videos

Participants in a Black Hat event last Friday in Amsterdam recognized and demonstrated the exploit by installing malicious software on vulnerable computers. “The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism,” ReVuln researchers Donato Ferrante and Luigi Auriemma detailed during the event. In layman’s terms, a user accesses a URI in-game, and Origin’s overlay is tricked into treating it as a friendly install link. Unfortunately, instead of downloading Battlefield 3, you’re left with Battlefield: Kill Your GPU

By modifying the variables in the underlying URI links, the commands to start a game can be replaced with instructions that cause a computer to install a malicious program instead. The technique works against people who have installed Crysis 3 and a variety of other games. Other techniques work against machines with different titles installed.

The exploit is exceptionally similar to one that affected Steam late last year. As far as I can tell, Steam has yet to patch this problem in their architecture. This indicates either: the exploit is too gosh darn complicated to fix (doubtful), or that the security risk is a necessary gamble, and both companies consider the benefits of the URI system to outweigh the concerns (exceptionally more probable, if not slightly disappointing). 

Poor EA is increasingly the subject of media attention lately, and stock reports indicate a slowly sinking venture. I’m not saying you should abandon ship–I’m not even saying that EA won’t be able to recover from Q1 2013–but I am saying is that there’s definitely room for another free game in my Origin library, EA. 

Just kidding. Mostly. 


GameSkinny is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more
related content
Read Article Wuthering Waves Player Creates Star Rail Equivalent Chart
Wuthering Waves and Honkai StarRail covers with Reddit icon in between them
Read Article Skyrim Players Still Want Sexy Armor for Male Characters
Skyrim cover after of an armored male character
Read Article Assassin’s Creed Shadows Ignites Ghost of Tsushima Reddit Debate
Split image of Assassin's Creed Shadows Yasuke and Naoe and Jin Sakai from Ghost of Tsuhima
Read Article Sims 4 Roadmap Teases More Romance With New Content
Sims 4 season of love roadmap, new date spots, kits, expansion, and more
Read Article Little Kitty, Big City Assures Players They Can’t Hurt the Cat
Kitty safely checks out a sunny nap spot inside a satellite dish in Little Kitty Big City
Related Content
Read Article Wuthering Waves Player Creates Star Rail Equivalent Chart
Wuthering Waves and Honkai StarRail covers with Reddit icon in between them
Read Article Skyrim Players Still Want Sexy Armor for Male Characters
Skyrim cover after of an armored male character
Read Article Assassin’s Creed Shadows Ignites Ghost of Tsushima Reddit Debate
Split image of Assassin's Creed Shadows Yasuke and Naoe and Jin Sakai from Ghost of Tsuhima
Read Article Sims 4 Roadmap Teases More Romance With New Content
Sims 4 season of love roadmap, new date spots, kits, expansion, and more
Read Article Little Kitty, Big City Assures Players They Can’t Hurt the Cat
Kitty safely checks out a sunny nap spot inside a satellite dish in Little Kitty Big City
Author
HC Billings
HC Billings is an excellent gamer, acceptable writer, and laughable parkourist.