A security flaw in EA’s Origin client exposed users’ accounts to hackers
Origin, a popular online game sharing and downloading site, was found to have a major breach in security. The gaming community is in a state of shock, as Origin is run by the gaming giant EA. EA has since fixed the vulnerability in the platform, after security researchers found they could trick an unsuspecting gamer into remotely running malicious code on their computer. The bug affected only Windows users who had the application installed; macOS users remain unaffected.

Origin is widely used to buy, access and download games. To make it easier to access an individual game’s store from the web, the client has its own URL scheme that allows gamers to open the app and load a game from a web page by clicking a link that has origin:// added to the address.

The bug was found by security researchers Daley Bee and Dominik Penner of Underdog Security. They found that the application could be manipulated into running any application on the unsuspecting user’s PC. TechCrunch, a technology analysis website, was provided with proof-of-concept code. Upon running it, they found that the code allowed any app to run at the same level of privileges as the logged-in user. In this case, the researchers popped open the Windows calculator, the go-to app for hackers to show they can run code remotely on an affected computer.

Bee said a malicious link could be sent as an email or listed on a webpage, but could also be triggered if the malicious code was combined with a cross-site scripting exploit that ran automatically in the browser. This flaw also allows a hacker to access a user’s account without the password.

The level of complacency that EA has shown here is rather appalling; users expect more from a company that has been in the industry for as long as it has.