Friday, 11 December 2020

Hackers seek their share of play

Gaming platforms have many sensitive areas to exploit and manipulate – either the users themselves or the platform could become potential victims, warns Check Point. The vulnerabilities highlight the risks for gamers, and there are many of them. According to Statista, there were almost 1.5 billion gamers in the Asia Pacific region in 2020, making it the largest region for video gaming worldwide. Some 2.7 billion gamers are estimated to play across the globe this year.

With a meteoric rise in exposure, it is no surprise that popular gaming has attracted the attention of threat actors, Check Point said. The company recently examined a major networking library used for online gaming, Valve’s Game Networking Sockets (GNS) or “Steam Sockets”, and said hundreds of thousands of gamers could be at risk. GNS is the core networking library used in games such as Valve’s own titles (CS:GO, Dota2, Team Fortress 2, and more) and in several third-party titles (Bungie’s Destiny 2).

One vulnerability involves communication, as it potentially allows an attacker to take control of a computer that is connected to a third-party game server. One example provided by Check Point is an attacker remotely crashing an opponent’s game client to force a win, or even performing a “nuclear rage quit” so as to crash the Valve game server completely.

Potentially the most damaging is the fact that when users are playing a game created by third-party developers, attackers can remotely take over the game’s server to execute arbitrary code, Check Point noted. This would enable an attacker to take control of the gamer’s computer and steal his or her credentials, then obtain private information.

This vulnerability may have affected hundreds of thousands of players daily. The Steam platform is the largest digital distribution platform for PC gaming. In 2019, the service had over 34,000 games and as of September 2020, Steam reached a record peak of over 21 million concurrent users and over 95 million active monthly users.

Unlike previous attacks where the user needs to click a link or download a file to execute malware, the victims would only have to log into the game to be affected.

Eyal Itkin, Security Researcher at Check Point, said, “Video games have reached an all-time high during the coronavirus pandemic. With millions of people currently playing online games, even the slightest security issue can be a serious concern for gaming companies and gamer privacy. Through the vulnerabilities we found, an attacker could have taken over hundreds of thousands of gamer computers every day, with the victims being completely blind to it. Other attack scenarios include sabotaging online games, in which an attacker is able to crash the server at any time they please, forcing the game to stop for all gamers at once.”

Eyal added, “Popular online platforms are good harvesting ground for attackers. Whenever you have millions of users logging into the same place, the power of a strong and reliable exploit rises exponentially. With skyrocketing popularity and massive usage of video games throughout the coronavirus pandemic, the gaming industry should be subject to scrutiny, since the risk is very real and the impact may be as serious. Gamers should pay close attention to any games downloaded before September of this year.”

Check Point researchers notified Valve about four different vulnerabilities discovered in its research (CVE-2020-6016 through CVE-2020-6019). Valve’s team fully patched the vulnerabilities quickly with great cooperation and full visibility.

Gamers playing non-Valve games should check that their game clients received an update in recent months. Any game downloaded before September 4, 2020 might have been affected; this is the date that the library was patched by Valve.

Check Point has also reported on vulnerabilities in EA Games that could have been used to exploit millions of player accounts within the world’s second-largest gaming company. According to Check Point, the potential damage could have involved an attacker gaining access to a user’s credit card information and possessing the ability to fraudulently purchase in-game currency on behalf of the user. In addition, Check Point Research (CPR) discovered security vulnerabilities in the popular Epic Games title Fortnite, which is played by nearly 80 million people worldwide.
