Origin exploit discovered
Electronic Arts' virtual marketplace reportedly at risk from loophole that could swap games for malicious code.
We'll begin emailing you updates about %gameName%.
An Origin exploit has been discovered that allows hackers to swap games for malicious code, the BBC reports today. Researchers at security company ReVuln found the loophole, which stems back to the way the service launches games.
"Like many other programs, Origin uses a web-like syntax to keep track of the places games are found on a computer so they can quickly be started when people want to play," the BBC wrote. "The two researchers found a way to subvert this syntax to make it point to malicious code instead of a game."
EA confirmed to Ars Technica that it is investigating the exploit, though there is no evidence that the loophole has been manipulated by hackers.
"Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure," an EA representative told the site.
ReVuln researchers demonstrated the hack during the Black Hat Europe conference recently, showing off a Windows PC running Crysis 3 that was subsequently taken over by the attack code.
SimCity's record-breaking launch this month helped push Origin to a new concurrent peak user milestone of 1.3 million. The service has 39 million members as of December 31, though this figure is actually over 40 million when SimCity's 1.1 million sales are factored in.