"Critical vulnerabilities" found in Call of Duty: Modern Warfare 3, CryEngine 3
If you thought the biggest thing you had to worry about in Modern Warfare 3 was a knife in the back while you were camped out sniping, you might have to think again. At the Power of Community security conference in Seoul, two researchers appear to have found "critical vulnerabilities" in the game - along with Crytek's CryEngine 3 - as reported by Computer World.
At the conference, ReVuln security consultants Luigi Auriemma and Donato Ferrante presented the results of their research. Along with a video showing how a denial-of-service attack could trouble Modern Warfare 3, they demonstrated how a server-level attack on CryEngine 3 (using the game Nexuiz) let them "create a remote shell on a game-player's computer", granting access to "all of the information on the players through the server". The pair plan to reveal "advisories" on the two vulnerabilities tomorrow, on the launch day of Black Ops II. They're also willing to offer their assistance to Activision, but as Computer World put it, they "aren't going to volunteer the information, since their research is part of their business."
As well as accessing players' information, Ferrante says that these vulnerabilities could be used by rival companies to shut down their competitors' games entirely. He blames the focus on game performance over security for these flaws. "In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored."