Ubisoft browser plugin DRM--uPlay (pre 2.0.4)--has backdoor

  • Two Factor Authentication is now available on BeyondUnreal Forums. To configure it, visit your Profile and look for the "Two Step Verification" option on the left side. We can send codes via email (may be slower) or you can set up any TOTP Authenticator app on your phone (Authy, Google Authenticator, etc) to deliver codes. It is highly recommended that you configure this to keep your account safe.

FireSlash

Whats a FireSlash?
Feb 3, 2001
4,300
0
0
38
Central Ohio
www.unrealannihilation.com
I feel I should probably point out that what ubisoft has installed here isn't a backdoor. The bug isn't even related to DRM beyond the fact that the addon itself is packaged with their DRM.

It's really just a common programmer mistake on a piece of code that probably should have been reviewed a few more times before shipping.

U-play installs a browser addon that allows them to produce clickable links to launch uplay. The idea here was probably to help aid support and integrate better with their website by allowing you to click a link that might, for example, connect you to a server, or launch a game. Similar to how the steam:// url scheme works but implemented as a browser addon instead.

The problem is that the programmer who wrote this little bit of code forgot to scrub the input for malicious input. As a result, someone figured out how to embed other launch commands into the scheme that will fire off raw. Basically it allows a website to run program. This obviously becomes problematic when you start command chaining to produce solutions like "download this file, then run it, then i just pwnd you".

So while you may hate Ubisoft, Uplay, or whatever for introducing this security flaw, It's kind of annoying to see people crucifying them for installing a backdoor when they didn't. It should also be pointed out that Ubi had a fix out the same day the story broke.
 

rejecht

Attention Micronians
Jun 15, 2009
511
0
16
.no
sites.google.com
The problem is that the programmer who wrote this little bit of code forgot to scrub the input for malicious input.
Was it you? :>


It wasn't a backdoor by design, but by function. "Backdoor" would probably be more correctly used in a context where we're talking about malicious software, but it's just a quickpost as a heads up. Add to that I don't own any Ubisoft titles because I don't own any Ubisoft titles. In retrospect I'd change the subject to something like "PC vs Console (Was: Ubisoft uPlay bug opens computer to interwebs)."
 

Capt.Toilet

Good news everyone!
Feb 16, 2004
5,826
3
38
41
Ottawa, KS
If Fireslash does then I shall say this. Brizz gets games for free so I want games for free. Free games for me = yay. Get on it.
 

rejecht

Attention Micronians
Jun 15, 2009
511
0
16
.no
sites.google.com
I could hear Sir Brizz's eyes salivating all the way from Norway. :lol:


Programming is still a multi-contextual experience. Logical glitches are simply not avoidable. Add to that, some logical glitches come with a higher public multiplication factor than others. (I still remember Service Pack 6 (SP6) for Windows NT 4.0--after a reboot, the TCP/IP stack would stop working, thus was born SP6a.)