, , , , , , , , , ,

Gamers are fixing a video game ‘taken over’ by hackers

A popular first-person shooter game has significant vulnerabilities that allow malicious hackers to take over other players’ computers, as long as they are in the same online match. The situation is so dire that some streamers have urged people not to play the game, as they have declared it “completely unplayable” because hackers have “taken over.”

“I’ve been running into a lot of them, it’s been like almost every single lobby,” one streamer said in a video from six months ago.

The vulnerabilities are in Call of Duty: Black Ops III, a game published by Activision. According to another streamer “hackers have a tool that can reveal your IP address,” when playing the game.

“They can join your game, they can kick you from the game, they can corrupt your [Downloadable Content], they can crash your game, they can fucking do anything they want,” he added.

Released in 2015, Black Ops III still attracts more than 5,000 players a day, according to stats from the gaming platform Steam. Because of its age, patching the vulnerabilities does not appear to be a priority for the game’s publisher Activision, so two gamers-turned-hackers have taken it into their own hands to patch the game’s vulnerabilities and make it safer to play.

“The game has become infested with hackers. There are tons of security vulnerabilities which have a severe impact,” Maurice Heumann, one of the two hackers behind the effort to fix the game, told TechCrunch. “You can get hacked just by playing the game. Your data can be stolen and so much more.”

Heumann has been reverse engineering Black Ops III since 2015. At the time, he and a friend were working on a “client” — essentially a modified, customized version of the game — but because they were “young and dumb,” he said, they tweeted about their project and Activision sent them a cease and desist letter, which “totally frightened” them and prompted them to stop working on the client.

Now Heumann is trying again, and this time, at least so far, Activision doesn’t seem to mind. He said he found two vulnerabilities in the game capable of remote code execution, or RCE — a type of flaw that allows malicious hackers to remotely run code on the target’s device, effectively taking full control of it — and reported them to Activision on May 14 and December 2, 2022.

Activision acknowledged the first bug report, and awarded him a bug bounty for reporting it. In the case of the second bug, Heumann said he hasn’t heard back yet.

So far, however, Activision has yet to fix them. (Heumann shared screenshots with TechCrunch of his bug reports to Activision.)

“I assume they somehow recorded that they exist, passed it on to the dev team and then somehow it gets lost, probably due to the fact that old games have no priority anymore […] the old games are old, nobody buys new copies anymore, so spending time on maintaining them is not worth it,” he said. “As activision is not doing anything, I’m just going to fix things myself.”

Activision spokesperson Neil Wood did not comment when reached prior to publication.

Heumann’s project is open source and he is asking people in the community to support it, given that he’s working on it in his spare time.

The idea is that his client will essentially replace the game’s official launcher — or launching it through Steam — so when players open it, the client patches the vulnerabilities, applies performance fixes and lets players play “safely without having to worry,” he said.

The downside of this approach is that the players using his version of the game cannot interact with other players using the official game. But Heumann’s goal is to get as many people as possible to his ecosystem, luring them by offering not only better security but also modifications and other features not present in the current game.

Heumann said that the only things that are not open source are the patches for the vulnerabilities, because those would help malicious hackers find and exploit them with people who are using the vulnerable version of the game.

After nine months working on it again, Heumann said the project isn’t completed yet, but he has almost 180 testers who are helping him find and fix bugs, and may be ready for regular players in a couple of months.

Heumann is one of several hackers working to make the game safer for players. Another altruistic hacker who goes by the online handle shiversoftdev is also working on a project to protect Black Ops III players, which he calls a “community patch.” His approach is different from that of Heumann, as his goal is to still let players launch the game from Steam, letting them stay in the official ecosystem, but without having to worry about getting hacked.

“It’s unfixable. Don’t play it, don’t buy this game.”

Shiversoftdev is also helping Heumann with his project, but he admits that Heumann’s project will be the better one in the long term.

“I primarily focus on protecting players who need/want to stay on the official [Black Ops III] servers, where [Heumann] is targeting his own ecosystem,” shiversoftdev told TechCrunch. “I focus on only fixing critical problems with the game. Additionally, [Heumann] can leverage the fact that all players in his ecosystem are on his version of the game, allowing for much stronger protection methods.”

Heumann and shiversoftdev are not the only ones who have decided to fix old games on their own, without waiting for the original developers. In 2020, a coder who goes by the nickname Milenko created a bot detector for the 2007 first-person shooter Team Fortress 2. The game is notoriously riddled with bots and cheaters, so the coder developed their own special bots, which detect other bots and cheaters, and automatically kill them or flag them to other players, giving them the chance to vote them out of the game.

While they still work on their patches and clients, Heumann and shiversoftdev both suggest players avoid Black Ops III entirely, or at least use the community patch.

“I cannot understate how trivial the exploitation of this vulnerability is,” shiversoftdev said. “Patch up if you can, and if not, try to avoid public multiplayer lobbies. If you stream, use alt accounts and avoid getting your steam username leaked. Use a VPN while connected to any [Call of Duty] servers.”

They both face an uphill battle. According to one of the streamers who has denounced the existence of cheaters and hackers on Black Ops III, “hackers are so fucking annoying they will spend hours and hours creating new tools to bypass the patches that the community is creating so it’s just this endless cycle of creating patches creating new mods creating patches creating new mods.”

“It’s unfixable. Don’t play it, don’t buy this game,” he said. “If you have the game on Steam uninstall it.”


Do you hack or reverse engineer video games? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.

Gamers are fixing a video game ‘taken over’ by hackers by Lorenzo Franceschi-Bicchierai originally published on TechCrunch

https://techcrunch.com/2023/02/28/gamers-are-fixing-a-video-game-taken-over-by-hackers/


December 2024
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis This Week in Tech (Audio)

So You Want to Solve the NJ Drone Mystery? Our Expert Has Some Ideas Infowars Sale to The Onion Rejected by Federal Bankruptcy Judge Federal appeals court declines to temporarily block ban on TikTok, teeing up showdown at SCOTUS over controversial law WordPress parent company must stop blocking WP Engine, judge rules Crypto's Legacy Is Finally Clear Tech Industry and CEOs Curry Favor With Trump Ahead of His Inauguration AI Is Detecting More Breast Cancer Cases, Study Suggests Huge randomized trial of AI boosts discovery — at least for good scientists GM Calls It Quits on Mary Barra's $50 Billion Robotaxi Dream You Can Buy a Car on Amazon Now Host: Leo Laporte Guests: Cathy Gellis, Mike Elgan, and Emily Forlini Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit shopify.com/twit
  1. TWiT 1010: The Densest State in the US – TikTok Ban, Drones Over Jersey, GM Quits Robotaxis
  2. TWiT 1009: Andy Giveth & Bill Taketh Away – Trump's Tech Titans, Crypto Boom, TikTok's US Ban, Intel CEO Exits
  3. TWiT 1008: Internet Legal – Australia's Social Media Ban for Kids, Smart Home Nightmare, Bluesky's Ascent
  4. TWiT 1007: All the Hotdogs in the World – China's "Salt Typhoon" Hack, Google on the Chopping Block, Recall AI
  5. TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny