• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Ubisoft DRM features exploit that allows arbitrary code execution (update: patched)

I don't get it. They're tracking everything you do through this backdoor program?

How is that even legal?

It can launch apps too.

Uplay is attached to Active X as well.

This should work theoretically (might be overkill) I can not verify as I don't have Uplay


Control Panel > Programs
Uninstall UBISOFT Game Launcher

Run Hijack this to make sure uplay is no longer listed, remove anything remaining

Reinstall ActiveX (to get rid of the changes associated with Uplay)
 
This really isn't as big a deal and some are making it sound, but hopefully it's addressed, sooner than later.

It has the potential to turn your computer into a Zombie. Websites can steal your credit card information. It's not a big deal, not at all. :p

Sure it might not happen to everyone with Uplay, but it shouldn't be possible in the first place, and now that it's known, it will be exploited.
 

Voidguts

Member
welp, this is great.. especially considering when I purchased AC2 & SC:C off of Steam it had absolutely no mention of 3rd party DRM - I even purposely ignored Driver: SF because of the "3rd-party DRM: Ubisoft Online Service Platform" warning. I was pretty pissed off when I had to install and make a "Uplay" account just to play AC, but I'd already spent the money so I bit the bullet.. wish I hadn't.
 
http://www.eurogamer.net/articles/digitalfoundry-uplay-has-serious-security-vulnerability
The implications here are cause for concern: the exploit could be used to install trojans or other rogue software on your PC. Scripts could be set-up that would wipe any data on your PC where the user has access. It's highly unlikely that Ubisoft left this backdoor in here on purpose, but regardless, it appears to have all the hallmarks of a major oversight that the firm should be correcting as a matter of extreme urgency.
Also, accusations have been levelled that UPlay is a "root kit", suggesting that it is something that hides itself by hijacking essential system tools and prevents them from showing the attacker's files. We've found nothing to suggest that UPlay has any kind of malicious intent along those lines, and while it looks like a highly significant lapse in security we don't think it can provide hackers with root access to your PC. Windows UAC should kick in whenever any such attempts are made.
I take exception with the bolded. How is it that the Firefox and Chrome plugins offer the same behaviour despite being different platforms?
 

xemumanic

Member
It has the potential to turn your computer into a Zombie. Websites can steal your credit card information. It's not a big deal, not at all. :p

Sure it might not happen to everyone with Uplay, but it shouldn't be possible in the first place, and now that it's known, it will be exploited.

I'm just echoing the sentiments quoted in the first post. Its easily dealt with by the end user until UbiSoft does something more concrete.
I didn't say this wasn't a problem.

Fixes before people start going crazy:

Originally Posted by SparkTR:
You want to fix this? Disable the plug-in in your browser. Done. People talking about reformatting their PCs are making me facepalm.

Quote:
Google chrome users: You can go to "about:plugins" and disable this and all other things that might expose you to extra security risks such as "Microsoft Office" (even "Native Client") or any other plugins that exposed in there by 3rd party without any confirmation.
 
I'm just echoing the sentiments quoted in the first post. Its easily dealt with by the end user until UbiSoft does something more concrete.
I didn't say this wasn't a problem.

A simple Disable is not going to be enough, unless you disable Active X with it, we don't have enough information to conclude that Active X hasn't been affected. That is unless it secretly doesn't allow you to. >.>

I hope it's that easy, I wouldn't hold my breath.
 
That means absolutely nothing. Plugins in Chrome and Firefox share much of the same code, if not all of it (chrome is compatible with NPAPI plugins).
Link says one is ActiveX and one is NPAPI. Surely they'd both be NPAPI if that were the case? But I'll take your word on it.
 

xemumanic

Member
A simple Disable is not going to be enough, unless you disable active x with it. That is unless it secretly doesn't allow you to. >.>

I hope it's that easy, I wouldn't hold my breath.

I think you're wrong. Disabling the plugin as all you need to do.

Quote:

So, how to protect yourself? Anyone with a PC title installed using the UPlay system can prevent the exploit from working by disabling the UPlay browser plug-in - in theory, it's as simple as that. Stopping the browser from running the plug-in closes the backdoor, and without that crucial bridge, malicious HTML based on this exploit will not function.
 
Just disabled the plug-ins in Firefox; never even noticed them there. So many measures to try and stop piracy, but in the end, it tends to backfire with even worst results. You'd think companies would have learned by now.
 

Reuenthal

Banned
What plugin to disable in my browser where? Sorry if this sounds dumb but I am not sure where to go and exactly handle this. For Firefox and Chrome.

Can someone post in detail the steps to do?
 

TGMIII

Member
ugh, I bought the AC pack during the steam sales after being convinced by other people that the Ubisoft DRM wasn't too bad.
 

1-D_FTW

Member
So I'm confused by this. Firefox doesn't even support Active X. And I'm not seeing any Uplay/Active X plugin in my plugin section of Firefox.

I know I've played at least AC2 since my last Windows install. Is this just some overblown nonsense?

EDIT: It should be noted I have NoScript installed and a website has to earn my trust for this. Maybe this is why it's not installed?
 
I think you're wrong. Disabling the plugin as all you need to do.

I hope I'm wrong; however, I don't like painting false images of security. What I mentioned is not hard. Some plugins can still be exploited when disabled. I hope it's an easy fix, it probably will be, but we need more information.
 

arit

Member
What plugin to disable in my browser where? Sorry if this sounds dumb but I am not sure where to go and exactly handle this. For Firefox and Chrome.

Can someone post in detail the steps to do?

Firefox: Add-Ons in the top menu [CTRL+SHIFT+A], then under Plugins both UPlay PC plugins.

I wonder why Firefox did not mention the installation of those plugins, I did not even know they existed until this thread.
 

Aretak

Member
This really isn't as big a deal and some are making it sound, but hopefully it's addressed, sooner than later.
Anybody who thinks this isn't a big deal simply doesn't understand the situation.

I doubt there was any malicious intent on Ubisoft's part, but they are spectacularly incompetent.
 
Firefox: Add-Ons in the top menu [CTRL+SHIFT+A], then under Plugins both UPlay PC plugins.

I wonder why Firefox did not mention the installation of those plugins, I did not even know they existed until this thread.

Because they are suppose to be ones you install manually through the firefox interface.

I am not worried about Ubisofts intent, I'm worried about the intent of criminals that can exploit it. :p


*Granted never installed a Uplay, Securom, etc title* I just buy those for the PS3 instead when they are on clearance. :)
 
So I'm confused by this. Firefox doesn't even support Active X. And I'm not seeing any Uplay/Active X plugin in my plugin section of Firefox.

I know I've played at least AC2 since my last Windows install. Is this just some overblown nonsense?

EDIT: It should be noted I have NoScript installed and a website has to earn my trust for this. Maybe this is why it's not installed?
Aye, we're talking about scripts being run here, which is exactly what NoScript is for. Temporary allow pastebin script access and you'll find the exploit works perfectly.
 

Reuenthal

Banned
Firefox: Add-Ons in the top menu [CTRL+SHIFT+A], then under Plugins both UPlay PC plugins.

I wonder why Firefox did not mention the installation of those plugins, I did not even know they existed until this thread.

Thanks. I don't see any Uplay plugin there.
 

Boss Doggie

all my loli wolf companions are so moe
I don't think I have a Uplay plugin in Firefox... I have Chrome, but I don't use it. The only games I have with Uplay are Anno 2070 and Settlers 7 and they're not on the list, so I'm safe?
 
I don't think I have a Uplay plugin in Firefox... I have Chrome, but I don't use it. The only games I have with Uplay are Anno 2070 and Settlers 7 and they're not on the list, so I'm safe?

As long as they didn't have Uplay when you installed it you should be fine. :)

I am pretty sure I didn't buy Anno 2070 because it contained Tages. So I am fairly sure it never had Uplay attached.
 

Boss Doggie

all my loli wolf companions are so moe
As long as they didn't have Uplay when you installed it you should be fine. :)

I am pretty sure I didn't buy Anno 2070 because it contained Tages. So I am fairly sure it never had Uplay attached.

They have Uplay when I played them, however I checked Firefox and Chrome, and no Uplay plugin was found.
 

ElRenoRaven

Gold Member
This just makes me all the more glad that the only Ubisoft games I've bought in the last 3 or so years were Rainbow Six 1 & 2 DRM free via Amazon when they had that DRM Free sell.
 

Perkel

Banned
When publishers will understand that DRM simply not work ?

DRM is restriction on legitimate users who pay for a game.

Meanwhile dude goes to piratebay oneclick download latest best protected game and apply a crack and he doesn't have to fucking with DRM nor he doesn't have to use internet connection everytime.


That is madness that only is created for shareholders.

Legitimate player is fucked.
Thief is in better situation.
Publishers and shareholders still loose money.


Good to know that GOG fights with it. It needs to be said loud and clear. It doesn't work.
 

Retne

Member
Well I guess it serves me right buying my first Ubisoft game since Sand of Time during the steam sale. Definitely never buying another.

It frustrates me to no end knowing that I could easily grab a pirate copy and I wouldn't have to deal with any of this bullshit. It's depressing when crackers are delivering not only a better product but a more secure one for no charge.

I wonder if there's a decent way to just rip uplay out of Ubisoft titles.
 

dreamfall

Member
Thanks for the heads up- definitely bought some Assassin's Creed stuff on Steam Sale, and just disabled the Plug-ins through Firefox. DRM/multiple log-ins for each game company are really starting to get cumbersome.
 
Going to play devil's advocate here, uPlay is a service first and a DRM second. With the popularity of Steam every publisher wants their own store, and to sell their games direct. The DRM aspect is just another layer on top of that.

It's aim is to stop the casual pirate who will lend a friend a disc, or password so they too can play on their machine. It's all about stopping that, not the torrenters. Many keep buying this shit in the Steam sale anyway, as if it's punishing Ubisoft. They don't give a fuck unless you stop buying it.
 
Well I guess it serves me right buying my first Ubisoft game since Sand of Time during the steam sale. Definitely never buying another.

It frustrates me to no end knowing that I could easily grab a pirate copy and I wouldn't have to deal with any of this bullshit. It's depressing when crackers are delivering not only a better product but a more secure one for no charge.

I wonder if there's a decent way to just rip uplay out of Ubisoft titles.

Nope.
 

Perkel

Banned
It's aim is to stop the casual pirate who will lend a friend a disc, or password so they too can play on their machine. It's all about stopping that, not the torrenters. Many keep buying this shit in the Steam sale anyway, as if it's punishing Ubisoft. They don't give a fuck unless you stop buying it.

They don't give a shit about lending your game. It's all about torrent sites because they can say something like this :

Publisher exec: This game has been downloaded 4 000 000 mln times so 4 000 000 x 60$ = 240 000 000$ lost money. Game is superb but this pirates stole our money it's not our fault we sold 500 k coppies. now give us couple mln of $$$ and we will invent new way of security to prevent people downloading games from torrent sites.

Shareholder: Here is your check.
 

Bittercup

Member
When publishers will understand that DRM simply not work ?

DRM is restriction on legitimate users who pay for a game.

Meanwhile dude goes to piratebay oneclick download latest best protected game and apply a crack and he doesn't have to fucking with DRM nor he doesn't have to use internet connection everytime.
I don't think publishers don't know that DRM is comparable effective against piracy as a "please don't pirate me"-txt file on the disc.
But it pleases shareholders to pretend doing something and it's relatively effective in restricting customers to not resell their games and publishers don't like the used games market. In this context DRM works.
And since apparently most customers accept DRM there's no reason for publishers to stop.
 

PaulLFC

Member
Google security engineer Tavis Ormandy has revealed a potential rootkit in Ubisoft's Uplay digital rights management (DRM) software. Uplay, which is bundled with games such as the Assassin's Creed series and Tom Clancy's Ghost Recon titles, is designed as a mechanism to protect Ubisoft's titles from being pirated. Writing on Seclists, Ormandy says he discovered the unexpected behavior in Uplay after installing a copy of Assassin's Creed Revelations.

"I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it," says Ormandy. It doesn't appear that the Google security engineer has informed Ubisoft of his findings. Commenters over at Hacker News have published a proof of concept URL that appears to exploit a vulnerability in a browser plugin installed by Uplay — launching a copy of the built-in calculator in Windows. "Ubisoft installs a backdoor that allows any website to take over your computer," says one commenter. We have reached out to Ubisoft for comment on the issue and we'll update you accordingly.

http://www.theverge.com/2012/7/30/3201421/ubisoft-uplay-drm-security-hole-tavis-ormandy

If they can do the bolded, I would assume that could be made to launch any program, right? Doesn't sound good.
 

Bitmap Frogs

Mr. Community
My decision not to buy ANYTHING with a ubisoft tag attached to it is now vindicated.

Sadly, the morons running their PC division probably still blame their sales on piracy.
 
Top Bottom