EA is not having a good month. Between SimCity woes and EA CEO John Riccitiello stepping down from office, the company has been suffering a number of misfortunes the past few weeks. As if that’s not enough, researchers from Amsterdam’s Black Hat security Conference demonstrated an exploit that was found on Origin, EA’s game distribution service.
This exploit enables hackers to use Origin as an attack platform to install malware and viruses onto the end user’s computer. The exploit uses a user’s game titles against them, using URLs that begin with “Origin://”, and replacing those links with malicious links that tell the computer to download malware onto the computer.
Valve’s Steam service, and its fifty million users were also vulnerable to this exploits a few months ago. Users were advised not to set their browsers to not automatically open up links with “Steam://” at the beginning of their URLs without checking if they were legitimate links.
EA representatives said they are aware of the problem. A company spokesperson wrote in an email to Ars Technica in regards to the exploit:
“Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure.”
While Origin doesn’t quite have as large of a player base as Steam, EA’s game distribution platform caters to over thirty million users, which makes this exploit a potential hazard to a large amount of people. Fortunately, this kind of hack is easily prevented: All you need to do is to treat Origin links with a small amount of suspicion, and set your browser to ask for approval whenever you open up a link with Origin:// at the beginning. It may be a small inconvenience for you, but it’s worth it in the long run.
Source [Ars Technica]