News

Origin exploit found by third-party firm, "allows malicious users" to swap links
Posted: 19.03.2013 15:58 by Simon Priest Comments: 7
ReVuln researchers have found a particularly nasty coding exploit in EA's Origin platform that effectively could let malicious coders swap links around inside the platform to launch damaging attacks remotely.

The third-party security firm has published a detailed report on how EA can address the problem, and the publisher says they are "investigating" the issue. Avoid desktop icon launches for now.

By launching titles directly through the Origin platform you bypass the potential for links to be tampered with, such as those created on desktops and in start menus.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," said ReVuln researchers Donato Ferrante and Luigi Auriemma. "In other words, an attacker can craft a malicious internet link to execute malicious code remotely on a victim's system, which has Origin installed."

The pair has published a report on how to tackle the exploit.

This certainly comes at a bad time for EA who are currently battling against negative PR surrounding the troubled launch of SimCity, and now the departure of CEO John Riccitiello. No one is said to have discovered the exploit and taken advantage at this stage. Hopefully a hotfix will be shortly due from EA's Origin team.
Source: Eurogamer

Comments

By herodotus (SI Herodotus) on Mar 19, 2013
herodotus
Good to know, but not a good 'discovery' for all those who are apt to pounce on any chance to attack Origin.
I've found Steam to be quite unstable, being web-based as it is allowing for viruses such as Google Re-direct and Pop-Up to tun rampant and unchecked.
By danfreeman (SI Core) on Mar 19, 2013
danfreeman
Origin please die,please.
By herodotus (SI Herodotus) on Mar 19, 2013
herodotus
Why oh why is everyone so quick to bash Origin? I just don't get it. It's, streamlined, low memory usage, unobtrusive and painless. It's caused me far fewer headaches than Windows Live, UPlay or even Steam for that matter.
By nocutius (SI Elite) on Mar 19, 2013
nocutius
I used to loathe the very idea of Origin at first simply cause it's from EA, I believe most of the hate stems from there.
On its own Origin might be fine but the company behind it makes it hard to trust that store.

I just happened to post a link in the comments over here that might be kinda relevant to this discussion:
http://www.strategyinformer.com/news/22280/electronic-arts-announces-free-games-for-patient-simcity-gamers

I know you mentioned similar issues regarding Steam but I doubt they were banning people preemptively.
By Hammerjinx (SI Veteran Member) on Mar 19, 2013
Hammerjinx
For me, the distaste of Origin comes from the fact that it's EA only. They stop putting their new games on Steam, then open their own store where you can buy only EA products. The whole thing with Steam feels a lot like EA are just sulking and taking their ball home with them. I don't have an issue with them selling their own stuff online - every publisher should - but yoinking it from other stores just feels greedy and petty.

I don't have an aversion to installing it if required, but it's less of a game store and more of a tool to get EA games without going to a brick store.

Given that the EA games that are on Origin, but not on Steam, cost more than I am willing to pay for them means that I have zero need for Origin at this time.
By herodotus (SI Herodotus) on Mar 20, 2013
herodotus
Well like them or not, EA remain the oldest Publishers left to us from the good old days. Oh yes we have a few developers like iD hanging around, but they are mere shadows of their former glorious selves. Blizzard is just a pseudonym for "bank" so what else is there?
Oh Ubisoft and Microsoft, of course.
Well they've sold out to the console world, while basically de-constructing their once great PC franchises.

Coming from the days of the earliest of videogames, and experiencing every great title, Developer and Publisher I still stand by EA simply as they remain the most solid consumer-focused group left. Their customer service is second-to-none, and always has been in my experience and overall.
By SiyaenSokol (SI Elite) on Mar 20, 2013
SiyaenSokol
I got Origin not too long ago, and I have to say that I still prefer Steam to it. Hearing about these exploits is not a situation that sits well with me. I really hope that EA will address this problem soon.