Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Have a Ubisoft game with UPlay installed on your PC? You are at risk

  • 30-07-2012 11:41am
    #1
    Registered Users, Registered Users 2 Posts: 9,249 ✭✭✭


    A major MAJOR security compromise has been found in Ubisofts uplay software which can enable a malicious programmer a back door into your PC. It's a pretty serious security concern and would advise all those with any Ubisoft game installed to remove the plugin in your browser and uninstall any ubisoft product just to be on the safe side.
    RPS wrote:
    the flaw lies specifically in a browser plugin Uplay quietly installs, and the general consensus is now that’s all you need to remove to protect yourself. See below for details on how to rid your PC of it.

    Essentially, as described here, with the right piece of code any website can call up a Uplay window and from that might be able to slip a program install or launch of their choice onto your PC. Were someone with malevolent intent to inject the code onto a commonly-visited website, they might be able to gain control over any number of PCs – or install keyloggers, viruses and the like, or just plain old wipe your hard drive. The web security expert we chatted to says this could even occur via an email link, making this exploit a phisher’s dream if it’s as a bad as it sounds.

    Says the expert we spoke to, “you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. It is a genuine threat. All it would take is an exploited wordpress, say.”

    But I come here not to sensationalise, but to warn. With news of this backdoor spreading like wildfire and proof of concept code already out there, there’s a very real chance that someone will try to achieve something unpleasant with it before Ubisoft can shut it down. That’s presuming it is what it appears to be, of course – this may turn out to be an exaggeration, especially as the internet does so love to mock Ubi’s notorious DRM, but so far the evidence very much points to this being as dangerous as it sounds. I’ve contacted Ubisoft for comment and will update as and when we know more. There’s been no response as yet, and other sites are reporting similar silence.

    The fault does appear to specifically lie with a browser plugin Uplay installs rather than Uplay itself, so remove that from your Firefox/Chrome/IE/etc extensions as a priority, but I’m erring on the side of extreme caution and advocating the removal of anything associated with Uplay until this apparent threat is dealt with. Here’s how to locate and disable the errant plugin:


    Firefox:
    Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins

    Chrome:
    Visit about:plugins and disable

    Opera:
    Settings – Preferences – Advanced – Downloads – Search “Uplay”, delete

    (Via Revisor on our forums).

    Contrary to what some parts of the web are currently screaming, this is not a rookit – it’s an exploit in a browser extension. Alas, the vast majority of folk with said browser extension will have been hitherto unaware that Uplay had installed it.

    You can find the games which apparently include the exploit listed below. If you have any of them on PC, I would urge you to uninstall them and any Uplay applications as soon possible as a precautionary measure. If you have any of these games on your PC, you can also see the apparent exploit harmlessly in action with the link here.

    We’ve tested with a PC that has never had Uplay installed on it. The exploit didn’t work at all. After installing Uplay alone, immediately the test link did indeed work, calling up the Uplay window, and then with that, booting the Windows Calculator. After uninstalling Uplay, the exploit once again didn’t work.

    Calculator’s hardly scary of course, but if someone could use the exploit to slip another program onto your PC or run command lines, anything could happen. Frightening – even if there is still something of a question mark over exactly what level of access a nasty soul could go on to achieve. Additionally, this software would appear to allow Ubisoft to monitor PCs running Uplay, but again let’s wait for more details before any hammers of judgement are wielded.

    It appears versions of some of these games are Uplay-free and thus in theory safe, but again it may be better to be paranoid than sorry. You can always reinstall later, right? I’d also urge you to check your list of installed programs in Windows, just in case an old install of the Uplay launcher/plugin is hanging around despite your having previously uninstalled any games that used it.

    Here’s the list of titles known to be affected:

    Assassin’s Creed II
    Assassin’s Creed: Brotherhood
    Assassin’s Creed: Project Legacy
    Assassin’s Creed Revelations
    Assassin’s Creed III
    Beowulf: The Game
    Brothers in Arms: Furious 4
    Call of Juarez: The Cartel
    Driver: San Francisco
    Heroes of Might and Magic VI
    Just Dance 3
    Prince of Persia: The Forgotten Sands
    Pure Football
    R.U.S.E.
    Shaun White Skateboarding
    Silent Hunter 5: Battle of the Atlantic
    The Settlers 7: Paths to a Kingdom
    Tom Clancy’s H.A.W.X. 2
    Tom Clancy’s Ghost Recon: Future Soldier
    Tom Clancy’s Splinter Cell: Conviction
    Your Shape: Fitness Evolved

    I’m not at all certain that list is complete, given other games are known to use Uplay – From Dust, for instance. Check your program installs and browser extensions/plugins for any trace of it regardless – it might be there from an older install even though the game that carried it is no longer on your PC.

    Again, more news as we have it.


Comments

  • Moderators, Computer Games Moderators Posts: 23,276 Mod ✭✭✭✭Kiith


    Ahh Ubisoft, you've gotta love their anti piracy methods which screw over everyone except the pirates.

    Thanks for the heads up though.


  • Closed Accounts Posts: 460 ✭✭Ape X


    Yeah, thanks OP for the heads up. Thankfully, the only Ubisoft game I have is unaffected (Anno 2070).


  • Registered Users, Registered Users 2 Posts: 22,929 ✭✭✭✭ShadowHearth


    disabled in opera and chrome. cheers OP. one more ubisoft **** up.


  • Moderators, Arts Moderators Posts: 10,520 Mod ✭✭✭✭5uspect


    FUbisoft.


  • Registered Users, Registered Users 2 Posts: 7,044 ✭✭✭Wossack


    sheesh...

    thanks for the heads up


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 18,815 ✭✭✭✭K.O.Kiki


    You are assuming I still give Ubisoft my money.
    :pac:


  • Registered Users, Registered Users 2 Posts: 22,929 ✭✭✭✭ShadowHearth


    K.O.Kiki wrote: »
    You are assuming I still give Ubisoft my money.
    :pac:

    Surprisingly they got quite a few amazing games, it's a shame their anty piracy policies and stupid uplay are rubbish.


  • Moderators, Computer Games Moderators, Technology & Internet Moderators, Help & Feedback Category Moderators Posts: 25,753 CMod ✭✭✭✭Spear




  • Moderators, Computer Games Moderators, Social & Fun Moderators Posts: 81,083 Mod ✭✭✭✭Sephiroth_dude


    well thats good,anno 2070 is my favourite game


  • Registered Users, Registered Users 2 Posts: 22,929 ✭✭✭✭ShadowHearth


    Spear wrote: »

    I noticed. I played some driver just now and it was updating itself. Fair play for fast response.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 258 ✭✭Hawke


    I never buy PC Ubisoft games anyway. Shame for actual customers but at least it will show some of Ubisofts incompetence when it comes to the PC market at this point. All this DRM for games you can pirate anyway is ridiculous.


  • Registered Users, Registered Users 2 Posts: 22,929 ✭✭✭✭ShadowHearth


    It is not really drm problem... It was a security hole in its software. It could happen to any company. Thought I guess everything goes if you want throw a rock at them.


  • Registered Users, Registered Users 2 Posts: 6,912 ✭✭✭SeantheMan


    Enjoying Drive SF atm :D


  • Registered Users, Registered Users 2 Posts: 12,705 ✭✭✭✭Skerries


    It is not really drm problem... It was a security hole in its software. It could happen to any company. Thought I guess everything goes if you want throw a rock at them.

    quiet you! we're indignantly and indiscriminately ranting here


  • Registered Users, Registered Users 2 Posts: 8,405 ✭✭✭gizmo


    It is not really drm problem... It was a security hole in its software. It could happen to any company. Thought I guess everything goes if you want throw a rock at them.
    Damn right. Some ****ing sites are even going so far as to call it a rootkit and even after Ubisoft responded, they're still not backing down and are accusing them of arguing semantics. :rolleyes:


  • Registered Users, Registered Users 2 Posts: 22,929 ✭✭✭✭ShadowHearth


    SeantheMan wrote: »
    Enjoying Drive SF atm :D

    off topic, but I have to admit: It's awesome!!!!!!!!! I can't believe how well it's made with story telling and how fun driving is. Feel of speed and danger is very well done. Most amazing car chases I had in ages. Good sense of humour too.

    All I play now is tropico 4 and driver.


  • Registered Users, Registered Users 2 Posts: 6,912 ✭✭✭SeantheMan


    Well it is Ubisoft, I only installed it after yourself and a few others raved about it.

    I was quite disappointed when I had to root out my old Ubi account etc and connect everytime I wanted to play. Thought they would have it just go through Steam at this stage :(


  • Registered Users, Registered Users 2 Posts: 23,140 ✭✭✭✭TheDoc


    **** me

    Had to install their DRM ****e to play Splinter cell after I got it during steam sale, best look into this when I get home


  • Registered Users, Registered Users 2 Posts: 8,369 ✭✭✭Rossi IRL


    so is it safe now caus i finished my download of assassins creed brotherhood and want to play it


  • Registered Users, Registered Users 2 Posts: 9,249 ✭✭✭Stev_o


    It's been patched now. Still annoyed that i was never informed that a plugin was being installed to my browser.


  • Advertisement
  • Moderators, Social & Fun Moderators Posts: 28,633 Mod ✭✭✭✭Shiminay


    I just got a controller in the post yesterday to play Assassins Creed: Revelations, had the thing update itself before I played, so not too bad. Bad and all as Ubisoft's DRM policies are, Shadowhearth is correct in saying this sort of thing might have happened to anyone, but from the small bit of reading I've done on it, it looks like it was a fairly major blunder not to have locked it down properly.

    Meh, it's fixed now, I shall carry on jumping from buildings and putting knives in mo-fos :D


Advertisement