Origin Security Flaw Could Have Let Hackers Run Malicious Code

origin security flaw

Latest News

Origin Security Flaw Could Have Let Hackers Run Malicious Code

April 17, 2019

By: Robert N. Adams

 
 

An Origin security flaw made it possible for hackers to run malicious code via Electronic Arts' digital distribution service. The flaw — since patched by EA — made use of an exploit involving origin:// links that were used by the program.

TechCrunch reports that that vulnerability only affected Windows users of the Origin digital distribution client. Daley Bee and Dominik Penner of Underdog Security discovered the issue and learned that the Origin security flaw could be used to trick the application into running pretty much anything. The flaw would have allowed programs to execute under the same administrative authority as the current user, essentially bypassing built-in security features.

The representatives from Underdog Security provided example code to TechCrunch that demonstrated the vulnerability. This demonstration simply activated the calculator program, but other, more nefarious uses were possible. A hacker could have used the same exploit to execute PowerShell commands which would have allowed them to download malicious software and potentially hold a user's computer hostage via ransomware. Mac users were unaffected by the Origin security flaw.

EA spokesperson John Reseburg has since confirmed that a fix for the security flaw has been rolled out. TechCrunch subsequently tested the same proof-of-concept code provided by Underdog Security and found that the exploit no longer worked, independently confirming that the flaw has indeed been repaired.

 
 

Unfortunately, there's no way of knowing for certain what damage may have been caused by the issue with the Origin digital distribution service. Thankfully, activating the exploit required that users clicked on a link to make use of the exploit so users who had good security practices were likely unaffected. Tens of millions of customers make use of Origin to purchase and play games since the client's debut in June of 2011.

What do you think of the Origin security flaw? Let us know in the comments below!

A photograph of Robert N Adams
Senior Writer

I've had a controller in my hand since I was 4 and I haven't stopped gaming since. CCGs, Tabletop Games, Pen & Paper RPGs - I've tried a whole bunch of stuff over the years and I'm always looking to try more!

Comments