Security firm issues warning over insecure browser games
Games which are developed using WebGL and are designed to run in a web broswer are leaving your PC open to back door hackers, according to consultants at Context Information Security, who claim to have found "serious flaws" in the design of the platform which is designed to give streaming games control of local resources on your PC.
The problem, according to Context, is that graphics drivers simply haven't been written to allow remote access.
“The risks stem from the fact that most graphics cards and drivers have not been written with security in mind so that the interface they expose assumes that the applications are trusted,” says Michael Jordon, Research and Development Manager at Context. “While this may be true for local applications, the use of WebGL-enabled browser-based applications with certain graphics cards now poses serious threats from breaking the cross domain security principle to denial of service attacks, potentially leading to full exploitation of a user’s machine.”
Many pundits reckon that streaming games will all but replace traditional DVDs and hard drives before too long, but revelations of a serious security hole in one of the most promising ways of getting immersive worlds from a web server onto your PC raise concerns.
All is not lost for the browser-based dream, however. WebGL is promising because it's part of the family of OpenGL APIs from the Kronos Group and works well with HTML 5, the sett of web standards which most think will define online interactivity in the future. It's not actually very popular at the moment though, with a Quake 2 port probably the most interesting WebGL game out there. Most well known browser games, like Runescape or Battlestar Galactica use Flash or Unity (respectively) which aren't subject to the same risks.