hypnosec writes with news that two security consultants have found vulnerabilities in Call of Duty: Modern Warfare 3 and the CryEngine 3 graphics engine
that could harm game makers and players alike
. Presenting at the Power of Community (POC2012
) security conference, the researchers demonstrated how a denial-of-service attack could affect Modern Warfare 3
, and how a server-level attack on CryEngine 3 allowed them to "create a remote shell on a game-player's computer."
"'Once you get access to the server, which is basically the interface with the company, you can get access to all of the information on the players through the server,' Ferrante said. In general, game companies don't seem to be very focused on security but rather on performance of the game itself, Ferrante said. Adding security checks can slow down games, and if the companies don't deem the problem a very critical issue, it will usually be ignored. 'These are games that have a very large market,' Auriemma said."