Ubisoft DRM ships with backdoor

A security expert at Google has found that the Ubisoft DRM can be used to provide hackers with a backdoor to your PC.

Tavis Ormandy found what he thought was a potential rootkit in Ubisoft’s Uplay DRM software, which is bundled with games such as the Assassin’s Creed series and Tom Clancy’s Ghost Recon.

The DRM is supposed to protect Ubisoft’s titles from being pirated, but Ormandy says he discovered some unexpected behaviour in the software. He posted his results.

Commentators at Hacker News followed his lead and published a proof-of-concept URL that appears to exploit a vulnerability in a browser plugin installed by Uplay, launching a copy of the built-in calculator in Windows.

Basically it means that the DRM installs a backdoor that allows any website to take over your computer, one of the site members said. 

Ubisoft has issued a statement saying the company published a patch earlier today which fixes the browser plug-in vulnerability. The statement recommends that users either update Uplay without a browser window open, or download an updated installer from the Uplay website.

What is lacking is a comment saying sorry for allowing customers’ computers to be hacked, but still, it did come up with a patch pretty smartish.

Software DRM is widely hated by practically everyone in the gaming community, particularly as it is responsible for a lot of computing’s “bad experiences” and complaints. The classic case was the Sony DRM, which was so bad it made games unusable and had to be recalled.