Tavis Ormandy, one of Google's security engineers, reportedly uncovered the backdoor and wrote about it on the Seclists.org mailing list on Sunday. Ormandy posted a few lines of JavaScript code as a tentative (and untested) proof of concept. The story made it onto Hacker News this morning, as did a working implementation of the proof of concept. According to the Hacker News post, the code was confirmed to work on a PC with Assassin's Creed on a Windows 7 system with Firefox installed. The proof of concept apparently loads up the Windows Calculator. HackerNews says the following games come with Uplay software and may make users' PCs vulnerable:Details on how to disable the plug-in can be found at Rock, Paper, Shotgun. The site also mentions that Ubisoft claims it has resolved the issue with Uplay version 2.04.
Assassin's Creed II Assassin's Creed: Brotherhood Assassin's Creed: Project Legacy Assassin's Creed Revelations Assassin's Creed III Beowulf: The Game Brothers in Arms: Furious 4 Call of Juarez: The Cartel Driver: San Francisco Heroes of Might and Magic VI Just Dance 3 Prince of Persia: The Forgotten Sands Pure Football R.U.S.E. Shaun White Skateboarding Silent Hunter 5: Battle of the Atlantic The Settlers 7: Paths to a Kingdom Tom Clancy's H.A.W.X. 2 Tom Clancy's Ghost Recon: Future Soldier Tom Clancy's Splinter Cell: Conviction Your Shape: Fitness Evolved
Ubisoft DRM accused of making PCs vulnerable
Posted on Monday, July 30 2012 @ 17:48 CEST by Thomas De Maesschalck