"Critical vulnerabilities" found in Call of Duty: Modern Warfare 3, CryEngine 3

If you thought the biggest thing you had to worry about in Modern Warfare 3 was a knife in the back while you were camped out sniping, you might have to think again. At the Power of Community security conference in Seoul, two researchers appear to have found "critical vulnerabilities" in the game - along with Crytek's CryEngine 3 - as reported by Computer World .

At the conference, ReVuln security consultants Luigi Auriemma and Donato Ferrante presented the results of their research. Along with a video showing how a denial-of-service attack could trouble Modern Warfare 3, they demonstrated how a server-level attack on CryEngine 3 (using the game Nexuiz) let them "create a remote shell on a game-player's computer", granting access to "all of the information on the players through the server". The pair plan to reveal "advisories" on the two vulnerabilities tomorrow, on the launch day of Black Ops II. They're also willing to offer their assistance to Activision, but as Computer World put it, they "aren't going to volunteer the information, since their research is part of their business."

As well as accessing players' information, Ferrante says that these vulnerabilities could be used by rival companies to shut down their competitors' games entirely. He blames the focus on game performance over security for these flaws. "In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored."

Tom Sykes

Tom loves exploring in games, whether it’s going the wrong way in a platformer or burgling an apartment in Deus Ex. His favourite game worlds—Stalker, Dark Souls, Thief—have an atmosphere you could wallop with a blackjack. He enjoys horror, adventure, puzzle games and RPGs, and played the Japanese version of Final Fantasy VIII with a translated script he printed off from the internet. Tom has been writing about free games for PC Gamer since 2012. If he were packing for a desert island, he’d take his giant Columbo boxset and a laptop stuffed with PuzzleScript games.