Ubisoft UPlay Software Could Pose a Major Security Threat

By David Gilbert: Subscribe to David's | July 30, 2012 1:01 PM GMT

  • FOLLOW IBT: YOUR ONE-STOP NEWS SITE
  • Google Plus

Update: Ubisoft has issued a patch for the Uplay flaw

Share article

The games publisher Ubisoft is facing questions about the security of its DRM software after a major security threat was exposed by a Google security researcher.

An information security engineer at Google, Tavis Ormandy, discovered the vulnerability within software automatically installed on your PC every time you play a video game from developer and publisher Ubisoft. Ormandy say a plugin grants unexpectedly (at least to me) wide access to websites.

This discovery have led many to say that Ubisoft's UPLay DRM software is in fact a rootkit, which, once installed, opens up users' PCs to attack from malicious websites.

  • FOLLOW IBTIMES
  • Google Plus

UPlay is software bundled with almost all of Ubisoft's games including the high-profile Assassin's Creed titles and Tom Clancy's Splinter Cell. The UPlay software is installed to prevent piracy but, it also installs a plugin which allows any website to  to run code on any PC running the plugin.

However, the plugin is an ActiveX component and as such will only run in Internet Explorer, meaning those using Chrome, Friefox or another web browser are not vulnerable. If you are using Internet Explorer and are worried about this vulnerability, then you can disable the plugin in your browsers plugin settings.

A rootkit is a form of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection.

According to Ormandy, who revealed the discovery on a security email list called Full Disclosure, he found the vulnerability while on holiday:

"While on vacation recently I bought a video game called "Assassin's Creed Revelations". I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for its accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites."

We have been in touch with the UK press office of Ubisoft and were told the company is preparing a statement on the matter.

This article is copyrighted by IBTimes.co.uk, the business news leader
Join the Conversation
Tim Cook Explains Apple’s Tax Position To Senate
READ MORE
Kazuo Hirai

Sony Considering Selling off Music and Film Divisions

Eric Schmidt @ Google's Big Tent 2013

Eric Schmidt: Google Will Continue Investing in UK 'No Matter What'

James Brokenshire

Security Minister James Brokenshire: We are Tackling Cyber-Crime [VIDEO]

Sir Tim Berners Lee

Google Announces Finalists for £2M Charity Prizes

Microsoft Unveil Xbox One Console and all-new Kinect

Microsoft Unveils Xbox One Console with All-New Kinect [VIDEO]

Xbox One

Why Games Matter Blog - Give Me Back My Console

Labour leader Ed Miliband addresses Google's Big Tent

Miliband Tells Google 'Do the Right Thing'

Apple Tax Avoidance

Irish Government 'not to Blame' for Apple's Tax Dodge [VIDEO]

Indian Hackers Target Pakistan US China

Indian Hackers Target National Security Interests in Pakistan, US and China

IBTimes UK

Online Media Awards: IBTimes UK Challenges News Giants with Nomination for Four Media Awards

World
Indian Police Arrest A Suspect in The Mumbai Terror Attacks Probe

Featured Videos