Report: Ubisoft's UPlay DRM contains dangerous security flaws

Code could allow malicious websites access to PC users' systems

Ubisoft's DRM system has been accused of allowing unprecedented access to users' PCs by potentially malicious websites, severely endangering the security of systems.

A post on SecList's full disclosure site by Google security engineer Tavis Ormandy claims that the vulnerability opens a backdoor for websites to access the machines of any customer who has installed many of the publisher's most popular products on PC, including four Assassin's Creed titles and the latest Ghost Recon game.

"While on vacation recently I bought a video game called 'Assassin's Creed Revelations'. I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for its accompanying UPlay launcher, which grants unexpectedly (at least to me) wide access to websites," explains Ormandy in the post.

Supplying a piece of code which is said to prove his theory, Ormandy invited others to test it, a challenge which has been picked up elsewhere.

Digital Foundry has also examined the exploit, backing up Ormandy's claims but dismissing others who have likened the code to a malicious rootkit.

"The implications here are cause for concern: the exploit could be used to install trojans or other rogue software on your PC," says Digital Foundry's Rich Leadbetter.

"Scripts could be set-up that would wipe any data on your PC where the user has access. It's highly unlikely that Ubisoft left this backdoor in here on purpose, but regardless, it appears to have all the hallmarks of a major oversight that the firm should be correcting as a matter of extreme urgency."

Leadbetter recommends that anyone who has installed a Ubisoft PC title from the list below take immediate action to limit the potential damage whilst they await an official response from Ubisoft.

"Anyone with a PC title installed using the U-Play system can prevent the exploit from working by disabling the UPlay browser plug-in - in theory, it's as simple as that. Stopping the browser from running the plug-in closes the backdoor, and without that crucial bridge, malicious HTML based on this exploit will not function."

Ubisoft has been contacted for comment.

Potentially affected titles

  • Assassin's Creed II
  • Assassin's Creed: Brotherhood
  • Assassin's Creed: Project Legacy
  • Assassin's Creed Revelations
  • Assassin's Creed III
  • Beowulf: The Game
  • Call of Juarez: The Cartel
  • Driver: San Francisco
  • Heroes of Might and Magic VI
  • Just Dance 3
  • Prince of Persia: The Forgotten Sands
  • Pure Football
  • R.U.S.E.
  • Shaun White Skateboarding
  • Silent Hunter 5: Battle of the Atlantic
  • The Settlers 7: Paths to a Kingdom
  • Tom Clancy's H.A.W.X. 2
  • Tom Clancy's Ghost Recon: Future Soldier
  • Tom Clancy's Splinter Cell: Conviction
  • Your Shape: Fitness Evolved

Latest comments (7)

Kingman Cheng Illustrator and Animator 9 years ago
I just read about this over at Eurogamer. Ooooh boy...

They've yet to contact Eurogamer back about this too.
Morville O'Driscoll Blogger & Critic 9 years ago
Yey! DRM bad for legitimate users shocker.
Maybe the next step is to escalate to a dual security system?
Kingman Cheng Illustrator and Animator 9 years ago
Like Gmail's double authentication thingy?
Morville O'Driscoll Blogger & Critic 9 years ago
Badly coded double-authentication is just as stupid as badly coded single-authentication. Surely the next step is to fix the security flaws, then spend a solid length of time ensuring there's no other flaws that have yet to be found. I'd hate to find the serials that I've registered through UPlay on Pastebin because of some flaw in the serial authentication software.
Petter Solberg Freelance Writer & Artist, 9 years ago
Keep up the good work, Ubi! No reason to question the usefulness of DRM just because of a minor security issue...
There is no question as to the usefulness of DRM, it's 0% effective against average pirates, the only ones stumped by DRM are toddlers & pensioners, usually provides inferior service to customers than pirates experience, but very effective indeed at providing forced online services with associated opportunity for data mining on details to customers where they can attempt to sell you additional products such as DLC, and include additional advertising every time you launch the game.

And as long as they have the opportunity of using software piracy as an excuse to include such "DRM", which let's face it is unlikely to ever go away, let alone any time soon so the word DRM is probably misnamed by this point, more like "DAS" for (Digital Advertisement System) systems, even the stupidest and most technophobic of games publishing board members would have worked out DRM does not prevent piracy years ago, however it had unexpected ancillary benefits when they included such advertisements.

Take Diablo III, its modern DRM systems consists of an online only system which is there solely to ensure all customers are only a couple of clicks away from buying from their real money auction system at all times, that way the legitimate customers who are lumped with DRM of whom bought the game will obviously be far more likely given they paid in the first place than pirates to pay further money on things like DLC or in this case auction house cash, so why waste good money advertising on pirates.

By integrating DRM and advertising they eliminate wasted advertisement on those unlikely to pay for such things in the first place, ensure 100% of their advertisement is focused on those most likely to purchase and furthermore ensure even those customers normally reluctant to sign up to such online systems will be forced to in order to use their legitimate copy of the game, so tempting them to pay money from in-game will be much easier than in games where customers are given a choice about creating an online account.

From a customer perspective unless you love pouring your money away introducing potential security risks and wasting valuable computing time on said DRM, the whole deal sucks, from a pirate's point of view, simply remove the DRM and you have a game free of such issues (i.e. they get the best experience), however from a business perspective it's brilliant, using an excuse generated from one nuisance (piracy) to introduce the kind of advertisement and additional content sales platforms they've wanted for years and if any customer complains they can just blame it on piracy, so yeah from a business perspective you can't really fault it, however as shown above even snazzy DRM needs to be coded with security in mind nowadays and woe betide those who don't, as there are plenty of real criminals out there looking to hack people's PCs for nefarious purposes and their interest in DRM will be far more nefarious than that of pirates.