Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Software Games

Ubisoft Uplay DRM Found To Include a Rootkit 473

An anonymous reader writes "It has been discovered that the Uplay system Ubisoft uses to both check a game is legal and offer up gaming achievements, multiplayer, and additional content, actually contains a rootkit. The discovery was made by Tavis Ormandy, an information security engineer at Google, when he installed Assassin's Creed: Revelations on his laptop. He noticed that during the installation Uplay installed a browser plug-in that allows any website to gain access to your machine through a backdoor and take control of it.The plug-in can be classed as a rootkit because it is thought to allow continued privileged access to a machine without a user's consent."
Update: Ubisoft has released a statement saying it has issued a forced patch to correct the flaw in the browser plug-in for the Uplay PC application.
This discussion has been archived. No new comments can be posted.

Ubisoft Uplay DRM Found To Include a Rootkit

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Monday July 30, 2012 @08:38AM (#40817191)

    under the DMCA any antivirus software companies can get sued for remove or even marking this.

    • by MarioMax ( 907837 ) on Monday July 30, 2012 @08:42AM (#40817239)

      under the DMCA any antivirus software companies can get sued for remove or even marking this.

      On the other hand, Ubisoft is probably guilty of violating Federal wiretap laws.

      • by h4rr4r ( 612664 )

        In what way?
        You really think they did not include some fine print in the EULA about how the user was consenting to this?

        • by Anonymous Coward on Monday July 30, 2012 @08:51AM (#40817351)

          You can't always waive your rights, even if you agree to it.

        • In what way?
          You really think they did not include some fine print in the EULA about how the user was consenting to this?

          An illegal action (not sure if this is or not) remains illegal, even if both parties agree to it.

        • by poetmatt ( 793785 ) on Monday July 30, 2012 @09:03AM (#40817451) Journal

          What, have you never heard of the sony rootkit? they were pretty damn close to getting sued for similar issues.

          Fine print won't do anything to get around this. Just like every fine print says you indemnify the company - if there's a real issue, the judges will ignore the EULAs which have been deemed legally unenforceable anyway.

          • by Anachragnome ( 1008495 ) on Monday July 30, 2012 @03:25PM (#40821825)

            Maybe they'll actually get sued this time...

            I play Everquest 2 on this machine, and look what I just found (installed yesterday). Firefox never informed me that it was being installed.

            FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\5kpvldeq.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()

            In the Firefox browser Add-on pane it is listed as SOE Web Installer 1.0.3.171. It can be disabled, but I have not attempted to remove it yet. I want to keep it around while I figure out what it is doing. A web-search is inconclusive as it appears to have just been released, although I did find several links to a "test page" that belongs to Sony that instantly tries to install said plug-in. No-script blocked these attempts, so I have to assume it was served to me via the EQ2 GAME updating system. If so, complete bullshit.

            Again, I never got any sort of plug-in install warning when running Firefox, and I have my browser warning settings at maximum verbosity. This plug-in was just "there".

            • by Anachragnome ( 1008495 ) on Tuesday July 31, 2012 @04:10AM (#40826373)

              Update, if anyone cares.

              You can uninstall the plug-in, SOE Web Installer, by using the provided "Uninstaller" you get at the same webpage that installs it.

              Or, you can do what I did. Manually uninstall the game then spend 2 hours scouring out the 67 registry entries the "uninstaller" left behind. (The game uninstaller didn't actually remove a single file...not a single one. The plug-in uninstaller simply appeared to remove the plug-in from the control panel--all of the registry entries remained. CCleaner only found four of the 67 I removed.)

              That shit is pure rootkit. Considering you can't even firewall out the outbound data without also firewalling your browser, this one is worse then the Sony/BMG rootkit. I've had to remove both and this one was spread all over the damn place, with redundant registry entries everywhere.

              Never again, Sony, will any of your products enter this household.

        • by Dunbal ( 464142 ) * on Monday July 30, 2012 @09:37AM (#40817873)
          You mean the EULA you are forced to agree to AFTER making the purchase? Null and void.
        • Comment removed based on user account deletion
      • by Anonymous Coward on Monday July 30, 2012 @09:16AM (#40817601)
        So? Ubisoft is a corporation, its not like anything bad is actually going to happen to them.
        • by jones_supa ( 887896 ) on Monday July 30, 2012 @09:41AM (#40817909)
          Exactly. When a individual screws up, he loses his summer cabin, children, dog and job. But when a company does so, everything continues pretty much the same...it shouldn't be like that. Companies should be tools for us, not the other way around.
        • by lgw ( 121541 )

          So? Ubisoft is a corporation, its not like anything bad is actually going to happen to them.

          There are lines that even major corporations cannot cross. Putting rootkits on US Federal computing equipment is one such line. Sony's fine for their rootkit fiasco was certainly enough to get Sony's stockholders' attention, but that wasn't the worst of it.

          The Department of Justice basically said: it would be within the law to sieze all Sony assets in America and ban all future imports of all Sony products, but we're not going to ask for that becuase we don't think it was deliberate .... this time.

          Deliber

  • by Black LED ( 1957016 ) on Monday July 30, 2012 @08:38AM (#40817201)
    It's reasons like this that I refuse to buy anything from Ubisoft.
    • by afidel ( 530433 ) on Monday July 30, 2012 @08:44AM (#40817257)
      Yep, I own every HoMM game except VI due to the retarded DRM. I wish Steam had a filter button to remove anything with third party DRM so I wouldn't have to get my hopes up just to end up not buying a title due to publisher stupidity.
      • by BigSlowTarget ( 325940 ) on Monday July 30, 2012 @09:13AM (#40817555) Journal

        I finally got HoMM VI despite DRM reservations on extreme sale and I have to say it wasn't worth it even for 90% off. They stripped all the strategy from the game and left it an empty advertising husk. Don't bother.

        • by afidel ( 530433 )
          Well now you have a trojan to remove to go with a crappy game then =(
    • by Polizei ( 1782856 ) on Monday July 30, 2012 @08:48AM (#40817311) Homepage
      It's reasons like this I refuse to install any closed source binaries - besides the inbound and outbound firewall...
      • Re: (Score:3, Funny)

        by h4rr4r ( 612664 )

        You use a closed source firewall and are worried about what games are doing?

        That seems pretty odd.

    • Same here but I really did want to lift my personal ban on Ubisoft for Draconian DRM so that I could get a few WiiU titles. Now it looks like I'll have to keep them on the games I don't Play, Buy, or even Rent list.
  • by h4rr4r ( 612664 ) on Monday July 30, 2012 @08:38AM (#40817203)

    Who is actually surprised?

    This is the one thing that has me worried about Steam on linux. Using it in wine I can be fairly sure I have it limited to one user account and no real ability to mess with the machine, but when it installs natively who knows.

    • by Yvanhoe ( 564877 )
      Virtualization becomes unavoidable.

      OTOH, if it is not possible to install steam as a user, a good excuse will be necessary.
    • by jones_supa ( 887896 ) on Monday July 30, 2012 @09:00AM (#40817433)
      I don't know if it's anymore there, but along C drive residing in '~/.wine/drive_c/' Wine has defaulted to mapping Z to '/'. So for some extra protection be sure to remove that. And in this case, just remember to move all the installers and stuff in the virtual C drive before starting them.
    • by Sancho ( 17056 ) *

      So do you actually install it as a different user, or do you just feel warm and fuzzy that they can't modify your system, even though most of what you probably care about exists within your user account?

      Even if you install it as a different user, you would need to log out of your main account every time (or, I suppose, run a secondary X server) as the rights required to display to your X server pretty much give full access to your account.

      • by causality ( 777677 ) on Monday July 30, 2012 @12:06PM (#40819587)

        So do you actually install it as a different user, or do you just feel warm and fuzzy that they can't modify your system, even though most of what you probably care about exists within your user account?

        Even if you install it as a different user, you would need to log out of your main account every time (or, I suppose, run a secondary X server) as the rights required to display to your X server pretty much give full access to your account.

        My own setup has a user account specifically dedicated to Wine. This user doesn't run anything else. That user has no network access at all because of iptables. There is a PAM module that gives this user access to draw on the X display when I switch to it (Gentoo does this by default; on most Debian-derived distros you have to configure PAM with a one-liner in /etc/pam.d/su -- add "session optional pam_xauth.so" to that text file).

        I use a Gentoo Hardened system so I place extra restrictions on it. The Wine user cannot see processes of any other user and the permissions on anything outside of its home directory are quite restrictive. Back when I played WoW (and had to allow network access, but only just what it needed), it would scan the running processes as an anti-cheating measure; on this system it would see only itself and a couple of Wine processes. On a normal Linux system, any user can view every user's running processes. Also, Wine is compiled with SSP and has NX and other hardening features applied to it.

        That's not an exhaustive list but it covers the main steps I took. You can probably gather that I don't trust binary Windows programs.

  • That's awesome (Score:5, Interesting)

    by the_Bionic_lemming ( 446569 ) on Monday July 30, 2012 @08:41AM (#40817231)

    I started boycotting several manufacturers over the games that required a constant online connection. I can't wait to tell my buddy that thinks that the boycott is stupid how his system is rooted (again)!

  • While it may not fit the dictionary definition, IMHO ANY software that allows someone to delete/alter/lock up something on my machine without my permission is essentially a rootkit. DRM fits that definition, thus "All DRM is rootkit".

    nevertheless, glad to see people calling out companies for particularly egregious behavior in the DRM realm.

    • by Anonymous Coward on Monday July 30, 2012 @08:52AM (#40817369)

      IMHO ANY software that allows someone to delete/alter/lock up something on my machine without my permission is essentially a rootkit.

      DRM does not allow someone to "delete/alter" anything. It only "locks up" in the crypto sense, as DRM is basically crypto code. I dislike DRM, but will defend a software company's right to encrypt their software, and even allow them to require an Internet connection to "unlock/decrypt" that software so that it can be used. This is their choice, and in that respect, "buyer beware". Vote with your cash.

      OTOH, installing a rootkit which allows possible unauthorised access to my machine, by the company or any other 3rd party without specific permission for each and every access??? They deserve to be fined out of existence by every legal system on the planet.

      • by cheekyjohnson ( 1873388 ) on Monday July 30, 2012 @11:16AM (#40818965)

        I dislike DRM, but will defend a software company's right to encrypt their software, and even allow them to require an Internet connection to "unlock/decrypt" that software so that it can be used.

        I would too. But I would also defend the right of people to modify their copy of the software to remove said DRM and even distribute cracks for it.

    • by Dog-Cow ( 21281 ) on Monday July 30, 2012 @09:11AM (#40817535)

      A rootkit is software that allows root access without (further) exploiting the OS/software on the machine. The software itself may do nothing at all beyond that, and it's still a rootkit.

      Conversely, software which reformats your harddrive is not a rootkit if it doesn't grant root access. Even if it itself is running as root!

      So, your definition is crap. You've basically made up your own just so you can hate on DRM. It's stupid because DRM is crap even without this misguided rationalization.

  • The post: (Score:5, Informative)

    by Fwipp ( 1473271 ) on Monday July 30, 2012 @08:42AM (#40817249)

    Because it's missing from the summary and also the linked article, here's the initial report: http://seclists.org/fulldisclosure/2012/Jul/375 [seclists.org]

  • by Anonymous Coward

    Any time a rootkit is found the perpetrators should be (metaphorically) strung up.

    It's hard to find a car analogy for this, but I can try: it's like a car dealer keeping a copy of your key for personal use. It's just unacceptable and so far outside of proper ethics that even the corporate sycophants should find it troubling.

  • by dryriver ( 1010635 ) on Monday July 30, 2012 @08:45AM (#40817271)
    Game sales are seriously down in 2012 compared to previous years. I am willing to bet that at least partially, this is because of the Steam/Origin/UPlay DRM garbage game publishers force you to install. ------- The game industry needs to take a long, hard look at the way it treats paying customers. Instead of the "we force xyz conditions on you" mantra practiced today, the industry needs to switch to "the buyer is always right". This means that the industry will need to listen to what game buyers want, and no longer IMPOSE completely unnecessary and counterproductive terms & conditions on the paying gamer. -------- This will probably never happen... The industry is run by money-oriented suits & beancounters who don't really care about making good games. But it would definitely have been nice to see, even if for just one day, the industry actually listening to what its customers want. --------- Maybe Kickstarter.com can help fix this mess. The 24 game projects that have been funded with Kickstarter will all be delivered sometime in 2013. And then we will see if the "Crowdfunded Games" can serve as a replacement for buying games from the big Multi-Billion Dollar game publishers. ------
    • Game sales are seriously down in 2012 compared to previous years. I am willing to bet that at least partially, this is because of the Steam/Origin/UPlay DRM garbage game publishers force you to install.

      I can't speak for everyone, but it has influenced by buying. The number of game publishers that I boycott keeps growing, and my game buying keeps decreasing. I used to buy 20 - 30 games a year. This past year, I might have bought 2. Though, to their credit, I pirate a lot less also! I haven't pirated a game in 3 years.

      Now, I just find other ways to spend my time other than video games. The funny thing is, I've found new hobbies that are more social, more personally rewarding, and make me less intereste

    • by Tridus ( 79566 ) on Monday July 30, 2012 @09:08AM (#40817491) Homepage

      Based on what data? NPD says that game sales are slumping, but NPD's numbers are shit. They're based on retail sales at big stores. They're of little to no use when tracking the growth areas of the gaming market: anything digital. Game sales are likely not down at all, just people buying shiny disks at Walmart.

      Besides that, 2012 has featured a lot of big name letdowns compared to 2011. The fall season will likely do better.

    • by dc29A ( 636871 ) * on Monday July 30, 2012 @09:25AM (#40817711)

      Game sales are down for consoles maybe. With a bit of googling, you might find silly things like NVidia's 23% revenue growth attributed to PC gaming [technologizer.com] alone. And of course that Steam has 100% sales growth [eurogamer.net] in 2012 over 2011. Oh and Diablo III selling like hotcakes. But hey, this profit growth is all because DRM is making people NOT buy games right?

    • I also have changed my game buying habits. I regularly buy HumbleBundle games even if I don't play them just to support developers who treat customers right. Steam? Only when they have one of their $9.95 sales on a game I really want, such as Civ 5. So I guess there is a price point where I put up with DRM but not at the price developers want to charge.
    • by ilsaloving ( 1534307 ) on Monday July 30, 2012 @10:15AM (#40818291)

      Because of Steam, I have actually bought MORE games than I ever had in my entire life up to that point. And that's, IMO, it actually gives me value:
      a) amazing deals on games, allowing me to buy top titles for $15 as long as I'm patient enough to wait for the sale
      b) saved games are backed up, so when I need to delete a game, I know that I can reinstall in the future and continue from where I left off
      c) I can load the game onto an entirely *different* machine and continue from where I left off
      d) My primary machine is a mac, but when I buy a game on steam I get the mac AND windows version. While I have not actually tried to yet, I *think* the save games are supposed to move between platforms as well. I could be wrong about that though.
      e) Steam/Valve has done a LOT to improve the gaming scene on Mac, and now they are trying to do the same for Linux.

      The only real downside is that I can't sell my games second-hand to someone else. But considering that I've never really done that anyway, it's a moot point.

      So yeah, Steam may have the properties of a DRM system, but I am willing to live with it because I consider the benefits to dramatically outweigh the negatives.

      Meanwhile Blizzard and Ubisoft provide nothing of the sort, and can go DIAF for all I care.

  • Glad I stuck to my Ubisoft (and EA and Blizzard) boycott even in the face of the big Steam Summer Sale. Here's hoping more gamers will stick to their principles and force developers into customer-friendly behavior, though sadly it seems that most people prefer to boycott companies just until a new title is released...

  • by Kdansky ( 2591131 ) on Monday July 30, 2012 @08:51AM (#40817355)
    Technically, rootkit is the wrong term. It doesn't insert itself into the system, and it cannot execute code with privileges. It's still a security hole big enough to swallow small countries.
    • by canajin56 ( 660655 ) on Monday July 30, 2012 @09:15AM (#40817581)
      Rootkits are about avoiding detection while granting somebody else the ability to execute arbitrary code remotely. Although it's a deviation from the origin of the name, there's no requirement that a rootkit have root access. Ring 3 rootkits are still considered rootkits, and that includes this one, which is essentially a DLL injection into the browser, if one that's not hidden from the user, just made to seem harmless. That is, if you see that there is a uPlay plugin after you install uPlay, you might assume that's to interface between their store and their DRM, rather than having a built-in browser like Steam has. You probably wouldn't think it's there to execute arbitrary code from any website that wants to. When they talk about "privileged access" to your system, they mean the philosophical "privileged access", which is access that nobody else has. Executing arbitrary code is privileged access, because only the local user is supposed to be able to do that. It doesn't mean "root access". At any rate, I don't think privilege escalation is tricky on Windows.
      • by Urkki ( 668283 )

        IMO rootkit needs to be able to hide itself, which is pretty much impossible without root access. Otherwise it's just a trojan with a backdoor.

  • this sounds familiar (Score:4, Interesting)

    by slashmydots ( 2189826 ) on Monday July 30, 2012 @08:57AM (#40817411)
    Rootkit = hidden from the file structure of an OS, typically by intercepting explorer display calls. So it's not that but definitely a trojan, as it is a game on the outside and secret remote control browser plugin on the inside. By the way, there is no such thing as a hidden browser plugin. IE9 pops up and says that there's a new browser plugin and asks to enable it or not. Does it get around this? I think Firefox is a little more inviting to whatever the hell wants to hop in, as is Chrome, but no matter what, you can see all add-ons listed in all 3 browsers.

    By the way, if you're thinking "hmmm, where have I heard Ubisoft news before?" they used a hacker team's no-CD crack, as-is, in one of their official updates to Rainbow 6 Vegas 2 to solve a problem with the game calling their own legit CD a fake CD.
  • And they wonder... (Score:5, Insightful)

    by mycroft16 ( 848585 ) on Monday July 30, 2012 @09:08AM (#40817485)
    And they wonder why there is piracy of video games. Seems quite obvious to me. "Buy game and get a rootkit installed on my machine, compromising my system's security or get the game from pirates without that."
  • The evil JS: (Score:5, Informative)

    by nthitz ( 840462 ) on Monday July 30, 2012 @09:14AM (#40817571)
    var x = document.createElement('OBJECT');
    x.setAttribute("type", "application/x-uplaypc");
    document.body.appendChild(x);
    x.open("-orbit_product_id 1 -orbit_exe_path QzpcV0lORE9XU1xTWVNURU0zMlxDQUxDLkVYRQ== -uplay_steam_mode -uplay_dev_mode -uplay_dev_mode_auto_play")
  • Prosecute? (Score:4, Interesting)

    by MattW ( 97290 ) <matt@ender.com> on Monday July 30, 2012 @09:23AM (#40817687) Homepage

    I'm going to contact my Congresspeople, and ask them to ask the Department of Justice to investigate and prosecute any violation of wiretapping and/or computer crime laws which may have occurred.

  • by Lucky75 ( 1265142 ) on Monday July 30, 2012 @09:34AM (#40817841)

    Guess we should all just use the pirated versions of Ubisoft games to get around this rootkit.

  • uPlay just updated (Score:5, Informative)

    by derfy ( 172944 ) on Monday July 30, 2012 @09:35AM (#40817857) Homepage Journal

    uPlay update 2.0.4: 'Fix addressing browser plugin. Plugin now only able to open uPlay application.'

    Well, that was fast.

    • by ledow ( 319597 ) on Monday July 30, 2012 @10:18AM (#40818307) Homepage

      The problem is that people see things as fixed/not fixed.

      Let's assume the problem is "fixed". What sort of development, security and testing regimes did their DRM go through to get to the point where any web page can open any application without any checks whatsoever previously? And how does that bode for anything that's not STUPIDLY TRIVIAL like finding this bug, e.g. buffer overflows, privilege escalations, etc.

      Don't judge them on what they fixed. Judge them on just how terminally inept is was to allow that sort of thing to exist in the first place, let alone slip through into production code on a multi-million dollar game publisher. What else is there lurking in that plugin / app that *hasn't* been found and isn't so trivial to spot and fix?

  • by ilsaloving ( 1534307 ) on Monday July 30, 2012 @09:58AM (#40818093)

    As someone who personally boycotted Ubisoft a long time ago because of their DRM shenanigans, the only thing I have to say is:

    HA HA (in nelsons voice)

    It's impossible to convince everyone to not buy a game because people just don't care. So I'll just sprinkle this nice big helping of schadenfreude onto my cereal this morning, instead.

  • by sl4shd0rk ( 755837 ) on Monday July 30, 2012 @10:22AM (#40818337)

    Stop buying their games. The DRM will stop. Steam isn't much better as far as playing 'unplugged' but I guess I have more faith in Valve as a company.

  • by IonOtter ( 629215 ) on Monday July 30, 2012 @12:17PM (#40819699) Homepage

    One of the tags on this story is, "theyneverlearn".

    On the contrary, "they" have learned exceptionally well! One could argue that "they" are A+ students with a 4.0 GPA across the board, having graduated Suma cum laude from the University of Violating People's Rights.

    1. Any illegal action is legal until you get caught. (This is universal, and does not apply only to software.)

    2. If you get caught, bluff. Claim that the plaintiff signed away their rights in the EULA.

    3. If the bluff fails, obstruct. Claim that the EULA dictates the plaintiff must agree to arbitration in the Dominican Republic, where all parties may only meet on the 5th Wednesday of every month, between the hours of 8AM to 12PM.

    4. If the obstruction has failed, then the client has identified themselves as a serious threat. Primarily because they have enough money to get this far in a court of law. Commence filing delaying actions. Request discovery on the plaintiff's machine. Engage private investigators, or even law enforcement by accusing the plaintiff of willfully violating the EULA. Plaintiff's property is then confiscated pending an investigation which can take up to a year. Continue until plaintiff runs out of money.

    5. If things get this far, then plaintiff is extremely dangerous. Withdraw all claims against plaintiff. Immediately offer a deal to the plaintiff in return for a non-disclosure. Agree to any amount of money. Because it has not made it to court, you can promise umpteen squintillion bars of diamond-studded gold, and never have to pay one thin dime. What's the plaintiff going to do? Send the debt to a collection agency? (Use caution with this tactic! People are learning-albeit slowly-that you can send the sheriff to foreclose on a defaulting defendant's property.)

    6. The plaintiff refuses any deal. Case actually makes it to court. Offer another deal for much less money. Court costs for the plaintiff will now most likely exceed damages, so make an appropriate offer. Use caution: a court-agreed settlement MUST be paid, but it will not dictate as to when it must be paid.

    7. All attempts at a deal have failed. Plaintiff has bottomless pockets and blood in their eye, and is Hell-bent on taking you down. Begin repeat of Step 4.

    8. Repeat of Step 4 has failed. The Lord God has taken a direct interest in this case, and has been witnessed pissing into your cornflakes. Change your plea to "no contest". The court is restricted to how much they can fine you, and the case comes to a halt.

    9. Write off all losses by routing funds through the third set of books. Engage social media sock puppets to gin up your products. Sue anyone who bad-mouths you, even if they're pointing out the truth. Inform R&D that they are to conceal the program on the next release.

  • The flaw with the root kit of course being that someone detected it.

    But don't worry, they're working hard to correct that problem.

If you didn't have to work so hard, you'd have more time to be depressed.

Working...