Results 1 to 20 of 110
Thread: Ubisoft DRM is a security risk
30-07-2012, 10:53 AM #1
Ubisoft DRM is a security risk
Someone notified me of this:
It seems Ubisoft's Uplay DRM can be used by evildoers to gain access to your computer. I tried it and it does seem legit. Uninstalling the Ubisoft Game Launcher helped though.
30-07-2012, 10:59 AM #2
Waiting for a reliable news source. I'm skeptical that this is just scaremongering combined with "let's all hate Ubi" bandwagon-jumping.
30-07-2012, 11:02 AM #3
Well like I said I tried that demonstration link they posted. It starts up Uplay, which then starts up calc.exe.
30-07-2012, 11:31 AM #4
Hacker News is a very reliable source.
And yes, this is real.
Disable the Uplay plugin(s) in your browser ASAP.
How to disable Uplay in Firefox:
Tools - Add-ons - Plugins - Disable the Uplay and Uplay PC Hub plugins
Settings - Preferences - Advanced - Downloads - Search "Uplay", delete
Visit about:plugins and disable
To check the vulnerability, visit this page
If your browser is vulnerable, Uplay will start and the Windows Calculator will run.
Last edited by Revisor; 30-07-2012 at 11:39 AM.
30-07-2012, 11:40 AM #5
- Join Date
- Feb 2012
I installed Ubisoft game launcher, and the link says missing plugin on both chrome and firefox. I can not play any Ubisoft game though. I am going to reinstall Uplay and see if they work.
It might be an easier way for limited bandwidth people to make sure they are safe, and not having to redownload games later
Edit: After a quick check it is only the Uplay or Ubisoft program that needs to be uninstalled. It will save on bandwidth as when this is patched and fixed you can just reinstall Uplay and be fine
Also worth noting, uplay doesn't work when Uplay window is open or when you are not logged in
Last edited by Kiril; 30-07-2012 at 11:44 AM.
30-07-2012, 11:57 AM #6
- Join Date
- Jun 2011
Thanks for these instructions, i wouldn't have known otherwise!
30-07-2012, 12:15 PM #7
Good fucking lord.
30-07-2012, 12:30 PM #8
Kaspersky stomped on the demonstration link for me. I've still removed the Uplay plugin though.
30-07-2012, 12:31 PM #9
- Join Date
- Jun 2011
- The land of slain white knights
Also they should add Anno 2070 to the list of affected games too.
But FFS Ubitard get your act together.
30-07-2012, 12:48 PM #10
30-07-2012, 12:50 PM #11
I use IE explorer (yeah yeah) and can't find any Uplay plugin...
Edit: Ah, there it is.
Last edited by Drake Sigar; 30-07-2012 at 12:53 PM.
30-07-2012, 12:50 PM #12
The indignation is logical, no matter what, this shouldn't have happened on the first time.
30-07-2012, 12:51 PM #13
Why do they want to install a browser plugin in the first place?
30-07-2012, 12:52 PM #14
[E] Without your permission, obviously.
[Edit of an edit]: To expand on your "dodgy websites"-thought: you don't even need to visit dodgy websites. It wasn't that long ago when RPS itself had some dodgy JS-script embedded to the site via ad. One infected ad is all it takes to make a "nondodgy" website a security risk.
30-07-2012, 01:00 PM #15
30-07-2012, 01:04 PM #16
Well, disabling the plugins in Firefox works for me.
It's most likely that some intern coded this, and now it was discovered that it could be exploited, but I'm all for blowing this out of proportion so that Uplay is finally retired.
30-07-2012, 01:09 PM #17
An opening like...
"We’re currently investigating the full extent of this, but moralising and recrimination can come later. For now, the important thing is to warn folks who have certain Ubisoft games installed on their PCs that an apparent backdoor has been discovered in the Uplay infrastructure/DRM which may in theory allow any anyone so minded to install God knows what horrors on your PC."
30-07-2012, 01:24 PM #18
I urge you to uninstall it and any games that use it immediately, until we know more.
Did you read what I wrote? Or just see it was by me and jump to conclusions Unaco?
30-07-2012, 01:29 PM #19I'm failing to writing a blog, specifically about playing games the wrong way
30-07-2012, 01:29 PM #20
kad: That IS a good response. It is like when there are food recalls due to diseases or chinese lead. The news will say something like "Currently, it appears this is limited to Mike Tyson's Chicken Nuggets, but we urge you to dispose of all Mike Tyson chicken products purchased between the dates of X and Y"Steam: Gundato
If you want me on either service, I suggest PMing me here first to let me know who you are.