Hacker Exposes Major Security Exploit in Ubisoft’s Uplay

Recommended Videos

Whenever a new form of digital rights management, or DRM, hits the market, people get antsy. Developer and publisher Ubisoft has their own particular brand of this nonsense which requires a launcher of their making: Uplay. Unfortunately for them, it looks like Uplay includes a major security hole which some hackers are decrying as an intentional rootkit. This is the kind of revelation that can lead to recalls and public statements.

News of the exploit first popped up on the Full Disclosure mailing list wherein Tavis Ormandy, a notorious Information Security Engineer at Google, remarks on his findings nonchalantly:

Your silly post reminded me of something, while on vacation recently I bought a video game called “Assassin’s Creed Revelations”. I didn’t have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for it’s accompanying uplay launcher, which grants unexpectedly (at least to me) wide access to websites.

The exploitable code is found within a browser plugin involved with Uplay. It’s not exactly hidden — and can be disabled — but the fact that it exists at all is an issue. Forcibly requiring these sorts of programs only leads to more issues like this, and it looks like security for their own company’s sake and not the user’s sake takes first priority in the programmer’s mind. DRM, and the problems it creates and fails to solve, likely won’t be going away any time soon, however.

The web’s response has been to quickly confirm the exploit, though there are those calling the problem an issue of laughably poor coding, and generally fume about corporate giants including anything like this that installs to the hard drive in an attempt to keep an eye on how your video games are being used. With exploits like these being discovered, it’s easy to understand why.

(Full Disclosure via Forbes, Hacker News, image credit via Colony of Gamers)

Relevant to your interests


The Mary Sue is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more
related content
Read Article When To Expect ‘Enotria: The Last Song,’ Every Theater Kid’s Anticipated Soulslike
Soulslike inspired by the Commedia dell'arte, Enotria: The Last Song
Read Article The 10 Hardest ‘Elden Ring’ Bosses, Ranked
A bestial god crouches against a dark red sky in "Elden Ring"
Read Article Ranking the ‘Wuthering Waves’ Characters After 12 Hours of Gameplay
Wuthering Waves Rover, Chixia, and Yangyang at the introduction.
Read Article ‘Yu-Gi-Oh!’ Rarity Collection 2 Release Date Confirmed
Photo of yami yugi from yugioh
Read Article How To Get Every Yoshi Kid in ‘Paper Mario: The Thousand-Year Door’
Mario and Yoshi in 'Paper Mario: The Thousand-Year Door'
Related Content
Read Article When To Expect ‘Enotria: The Last Song,’ Every Theater Kid’s Anticipated Soulslike
Soulslike inspired by the Commedia dell'arte, Enotria: The Last Song
Read Article The 10 Hardest ‘Elden Ring’ Bosses, Ranked
A bestial god crouches against a dark red sky in "Elden Ring"
Read Article Ranking the ‘Wuthering Waves’ Characters After 12 Hours of Gameplay
Wuthering Waves Rover, Chixia, and Yangyang at the introduction.
Read Article ‘Yu-Gi-Oh!’ Rarity Collection 2 Release Date Confirmed
Photo of yami yugi from yugioh
Read Article How To Get Every Yoshi Kid in ‘Paper Mario: The Thousand-Year Door’
Mario and Yoshi in 'Paper Mario: The Thousand-Year Door'