The games publisher Ubisoft is facing questions about the security of its DRM software after a major security threat was exposed by a Google security researcher.
An information security engineer at Google, Tavis Ormandy, discovered the vulnerability within software automatically installed on your PC every time you play a video game from developer and publisher Ubisoft. Ormandy says a plugin "grants unexpectedly (at least to me) wide access to websites."
This discovery has led many to say that Ubisoft's UPlay DRM software is in fact a rootkit, which, once installed, opens up users' PCs to attack from malicious websites.
UPlay is software bundled with almost all of Ubisoft's games, including the high-profile Assassin's Creed titles and Tom Clancy's Splinter Cell. The UPlay software is installed to prevent piracy, but it also installs a plugin which allows any website to run code on any PC running the plugin.
However, the plugin is an ActiveX component and as such will only run in Internet Explorer, meaning those using Chrome, Firefox or another web browser are not vulnerable. If you are using Internet Explorer and are worried about this vulnerability, then you can disable the plugin in your browser's plugin settings.
A rootkit is a form of malicious software (malware) designed to hide the existence of certain processes or programs from normal methods of detection.
According to Ormandy, who revealed the discovery on a security email list called Full Disclosure, he found the vulnerability while on holiday:
"While on vacation recently I bought a video game called "Assassin's Creed Revelations". I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for its accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites."
We have been in touch with the UK press office of Ubisoft and were told the company is preparing a statement on the matter.