EA Origin security flaw exposes users to hacks

Researchers describe a vulnerability in publisher's online storefront that could be used to run malicious code

Researchers with a web security company have described a security hole in Electronic Arts' Origin digital distribution service that leaves the company's customers at risk of being hacked, as reported by the BBC. According to a paper by ReVuln lead researchers Luigi Auriemma and Donato Ferrante, hackers could exploit the ability to launch Origin games via the web to run malicious code on users' computers.

The technique is similar to one ReVuln previously discovered in Steam, and centers around the Origin program using the origin:// URI to launch games from web links. Those links could be created to run unauthorized code while the system launches the game, so the compromised security would go undetected by users.

ReVuln said any computer with Origin installed on it is vulnerable, regardless of whether the program is actively running or what operating system is used. To remedy the issue without uninstalling Origin, the firm suggests disabling the origin:// URI handler in all web browsers that support the feature. It also suggested using a third-party tool to disable the URI globally, but that would also prevent desktop shortcuts to Origin games from working properly.

EA has put Origin's player base at 40 million registered users worldwide. According to the BBC, there is no evidence this security hole has yet been exploited maliciously.

When asked for comment on the vulnerability, an Electronic Arts representative told GamesIndustry International, "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."

UPDATE: On March 25, EA released the following statement: "Origin today issued an update that will make the hypothetical exploit of the Origin URI inoperable. We have no reason to believe it was ever used, but out of an abundance of caution for our players, we wanted to quickly address it."

Related stories

EA stock reaches all-time high ahead of Battlefront II loot box return

Company's stock rose 7%, peaking at $131 following recent financial results

By James Batchelor

Star Wars Battlefront II disappoints with over 7 million sold

Anthem delayed to 2019 to give it more space from next Battlefield game, holiday competition; Respawn Star Wars game to launch by April 2020

By Tom Mc Shea

Latest comments (1)

Private Industry 4 years ago
Not a good PR month for EA.
0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.