Ubisoft DRM Lets Remote Attackers In

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
A new report claims that Ubisoft's DRM gives attackers remote access to your system. Not sure why no one noticed this before. :(

Hacker Tavis Ormandy has discovered a serious vulnerability in a well-known PC game DRM system. The Google engineer said that after buying a game from Ubisoft he became aware that its “Uplay” browser plug-in might prove problematic. In the early hours of this morning Ormandy confirmed that the add-on allows remote and “wide access” to machines running the DRM, potentially giving malicious attackers free reign to wreak havoc.
 
That isn't an exploit. It's an access point for Ubisoft technical support staff personnel so they can monitor system activity and performance in order to enhance the quality of the service they provide and better target you with in-game advertisements that will interest you. Ubisoft will NEVER record your personal identity or use the service access point without your agreeing to the Terms and Conditions outlined in the EULA that comes with every Ubisoft product.
 
It is crap like this that is why I refuse to buy DRM laden PC games. It is a shame that 90% of my game purchases these days are for consoles when I overwhelmingly prefer to game on my PC. It is pathetic that I am treated like a criminal as a PC gamer.
 
That isn't an exploit. It's an access point for Ubisoft technical support staff personnel so they can monitor system activity and performance in order to enhance the quality of the service they provide and better target you with in-game advertisements that will interest you. Ubisoft will NEVER record your personal identity or use the service access point without your agreeing to the Terms and Conditions outlined in the EULA that comes with every Ubisoft product.

You don't really believe that's the ONLY way they will use it do you? :eek:
 
That isn't an exploit. It's an access point for Ubisoft technical support staff personnel so they can monitor system activity and performance in order to enhance the quality of the service they provide and better target you with in-game advertisements that will interest you. Ubisoft will NEVER record your personal identity or use the service access point without your agreeing to the Terms and Conditions outlined in the EULA that comes with every Ubisoft product.

Except that there wasn't any system in place to prevent non-Ubisoft technicians from exploting it for other reasons. Even if Ubisoft only used it for the stated purposes, what about the people using it for other purposes?
 
That isn't an exploit. It's an access point for Ubisoft technical support staff personnel so they can monitor system activity and performance in order to enhance the quality of the service they provide and better target you with in-game advertisements that will interest you. Ubisoft will NEVER record your personal identity or use the service access point without your agreeing to the Terms and Conditions outlined in the EULA that comes with every Ubisoft product.

If you don't mind answering, what is your occupation?
 
Just another reason why I dont buy any ubisoft games. Not even on console
 
I'm a systems administrator which means I dumpster dive outside of the offices of more successful companies for both new equipment and the occasional snackies.

Ah, ok. All good then. I was wondering how you could give the Ubisoft guarantee. Which would be a similar case of me giving the Best Buy Geek squad guarantee. ;) But I'm sure your dumpster driving has handed you some good insider information, info that somebody forgot to delete. I was wondering, given the odds that you probably aren't part of Ubisoft marketing team. :p
 
Ah, ok. All good then. I was wondering how you could give the Ubisoft guarantee. Which would be a similar case of me giving the Best Buy Geek squad guarantee. ;) But I'm sure your dumpster driving has handed you some good insider information, info that somebody forgot to delete. I was wondering, given the odds that you probably aren't part of Ubisoft marketing team. :p

Well, I did say more successful companies so that doesn't really eliminate me from being a possible Ubisoft employee. :D
 
That isn't an exploit. It's an access point for Ubisoft technical support staff personnel so they can monitor system activity and performance in order to enhance the quality of the service they provide and better target you with in-game advertisements that will interest you. Ubisoft will NEVER record your personal identity or use the service access point without your agreeing to the Terms and Conditions outlined in the EULA that comes with every Ubisoft product.

Skribbel... you've done it again! LOL
 
Ubisoft can go kiss my a*s*s! I am not going to buy a game from them that when they decide to turn off there servers, I can no longer play even though it is just single player. (That is, unless they charge $10 just so I can rent it which is what always on DRM is anyways.)
 
I'm a systems administrator which means I dumpster dive outside of the offices of more successful companies for both new equipment and the occasional snackies.

Yay for dumpster diving :D! Lol sure those snacks are quite.. ripe..
 
Skribbel... you've done it again! LOL

It's Monday...people should have a reason to smile. :)

Yay for dumpster diving :D! Lol sure those snacks are quite.. ripe..

It's one of those great fringe benefits I get! When they said self-service cafeteria with a frequently changing selection, I wasn't quite sure what that meant, but now I know and I've never been happier.
 
Supposedly fixed:

wydYB.png
 
Dangit! I was wondering where all my porn went! Hold on a sec, I think someone is knocking at my door...

2072366.jpg
 
It's Monday...people should have a reason to smile. :)



It's one of those great fringe benefits I get! When they said self-service cafeteria with a frequently changing selection, I wasn't quite sure what that meant, but now I know and I've never been happier.

Lucky you, I bring lunch from home and it is usually the same ole. I'm sure each meal you have is quite nicely marinated with lots of flavors :D.
 
Lucky you, I bring lunch from home and it is usually the same ole. I'm sure each meal you have is quite nicely marinated with lots of flavors :D.

The closer to the bottom you get, the more the available selection changes from "pieces" to "liquids" and though there are some great liquids out there like melted ice cream, I recommend saving those trips to the bottom for days when you're not going to be in the office much. People seem to complain more about smells for whatever reason. :)
 
It is crap like this that is why I refuse to buy DRM laden PC games. It is a shame that 90% of my game purchases these days are for consoles when I overwhelmingly prefer to game on my PC. It is pathetic that I am treated like a criminal as a PC gamer.

So you buy games on a system where every game comes with DRM? That makes sense.. :confused::confused:
 
Maybe I'm missing something, but mine won't update... But I'm keeping that plug-in off now anyway.

According to this article, you need to update your Uplay PC application without a web browser open.

"Oops, you caught us! Haha, well, let's just remove that backdoor from your system now and whistle something innocent..."
 
I'd be willing to bet this has come about because someone was tired of Ubi accusing PC gamers as pirates of the gaming industry.

Not that big a deal IMHO, they seem to have handled it properly by releasing a patch/update that fixed the issue.
 
So you buy games on a system where every game comes with DRM? That makes sense.. :confused::confused:
console DRM isn't intrusive though, it's usually 100% invisible and non-disruptive to the user (unless they try to copy a disc)
 
According to this article, you need to update your Uplay PC application without a web browser open.

"Oops, you caught us! Haha, well, let's just remove that backdoor from your system now and whistle something innocent..."

I've tried, for some reason it doesn't do anything. So I just disabled the plug-in instead.
 
This isn't really a Ubisoft thing, but more of an invasive DRM thing. I'm sure other DRMs have similar problems and had to be fixed.

Havne't bought a ubisoft game since their DRM, and this news makes me glad about that.
 
not the first time tho, Sony DRM on cd (which they had to remove) also did the same thing for exploiters to use. All these companies have their head firmly up their ass and think DRM is a lifesaver. I would hope that someone with a healthy cashflow brings a nice lawsuit against installing backdoors on your computer (EULA doesn't mean anything in the courts anyway).
 
console DRM isn't intrusive though, it's usually 100% invisible and non-disruptive to the user (unless they try to copy a disc)

requiring proprietary hardware (aka console) is pretty heavy handed DRM if you ask me
 
Ubisoft has done many a bad DRM decision through time.
* The first one I know of was the use of StarForce, a piece of software that could easily damage the user's hardware. At the very best it made any use of a CD/DVD-writer (as a writer) a very slow affair...
* Then came this crap that you had to be on-line without any interrupt or hick-up to run the game.
* And now this vulnerability-infestation! :mad:
 
Back
Top