EA Origin security flaw exposes users to hacks

Researchers describe a vulnerability in publisher's online storefront that could be used to run malicious code

Researchers with a web security company have described a security hole in Electronic Arts' Origin digital distribution service that leaves the company's customers at risk of being hacked, as reported by the BBC. According to a paper by ReVuln lead researchers Luigi Auriemma and Donato Ferrante, hackers could exploit the ability to launch Origin games via the web to run malicious code on users' computers.

The technique is similar to one ReVuln previously discovered in Steam, and centers around the Origin program using the origin:// URI to launch games from web links. Those links could be created to run unauthorized code while the system launches the game, so the compromised security would go undetected by users.

ReVuln said any computer with Origin installed on it is vulnerable, regardless of whether the program is actively running or what operating system is used. To remedy the issue without uninstalling Origin, the firm suggests disabling the origin:// URI handler in all web browsers that support the feature. It also suggested using a third-party tool to disable the URI globally, but that would also prevent desktop shortcuts to Origin games from working properly.

EA has put Origin's player base at 40 million registered users worldwide. According to the BBC, there is no evidence this security hole has yet been exploited maliciously.

When asked for comment on the vulnerability, an Electronic Arts representative told GamesIndustry International, "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."

UPDATE: On March 25, EA released the following statement: "Origin today issued an update that will make the hypothetical exploit of the Origin URI inoperable. We have no reason to believe it was ever used, but out of an abundance of caution for our players, we wanted to quickly address it."

Related stories

EA plans to add 500 new jobs in Montreal

Publisher will invest an estimated $500 million in Quebec over the next 10 years

By Brendan Sinclair

NHL sizing up eSports opportunity

Commissioner Gary Bettman envisions something like the NBA 2K eLeague, with each team running its own gaming squad

By Brendan Sinclair

Latest comments (1)

Private Industry 4 years ago
Not a good PR month for EA.
0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.