this post was submitted on 19 Mar 2024
468 points (92.4% liked)

Technology

59331 readers
5262 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Wow it finally happened. So glad I switched to steam running on linux mint last week. I refused to install helldivers because it wanted to install some no holds barred god level permissions anti-cheat software. Windows 11 was the last straw for me. Good times..

The volunteers at the Anti-Cheat Police Department have since issued a PSA announcing, "There is currently an RCE exploit being abused in [Apex Legends]" and that it could be delivered via from the game itself, or its anti-cheat protection. "I would advise against playing any games protected by EAC or any EA titles", they went on to say.

As for players of the tournament, they strongly recommended taking protective measures. "It is advisable that you change your Discord passwords and ensure that your emails are secure. also enable MFA for all your accounts if you have not done it yet", they said, "perform a clean OS reinstall as soon as possible. Do not take any chances with your personal information, your PC may have been exposed to a rootkit or other malicious software that could cause further damage."

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 7 months ago* (last edited 7 months ago) (1 children)

Apparently the "easy" in EAC means easy like when you call a woman easy...

[–] [email protected] 2 points 7 months ago

It ain't easy being sleazy.

[–] [email protected] 6 points 7 months ago

Hahahaha fuck them enabling customers.

[–] [email protected] 47 points 8 months ago (1 children)

The missing context here (not your fault, i think people reporting this are being misleading) is that they were using their personal systems in this tournament. That means whatever dodgy software they've installed can't be monitored in a controlled environment, and claims of it being EAC's fault is unfounded.

A proper tournament would have controlled hardware and software, even if playing remotely at a professional level. You can't guarantee these systems haven't been tampered with, even if the players insist on proper security measures.

[–] [email protected] 12 points 8 months ago (1 children)

So, lemme get this straight: allowing remote parties to install malware (DRM) on your system results in allowing remote parties to install malware on your system? Wow, who could have known! Certainly not the distributors of the step-one malware, am I right?

I'm certain there's a couple of lessons to be learned here (install and run games as normal, non-elevated users, people! It's easy to do on Linux) but I'm also somehow certain Big Corpos are going to stick their heads into the sand regarding such lessons.

Oh well, the pirate way it is.

[–] [email protected] 4 points 7 months ago
  • This isn't DRM, but an anti-cheat
  • The game is free, there's nothing to oirste
  • The developer has announced that it's not the anticheat's fault after all, but a remote execution vulnerability in the game itself
[–] [email protected] 6 points 8 months ago

There's a super interesting video by PirateSoftware on YouTube about this too.

[–] [email protected] 20 points 8 months ago (3 children)

Sounds fanciful.

EAC doesn't open up ports into your network as far as I'm aware.

Pretty much the only way to do RCE in games with no direct P2P connection is to send malformed data to the server, and then it sends that to the other clients, relying on things not being checked in two places. We've seen this a few times, in Dark Souls series and GTA Online.

I can't see for the life of me how EAC would cause that.

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago)

EAC doesn’t open up ports into your network as far as I’m aware.

No but the game code does. And that game code also interacts with EAC. You can argue it's a bug in Apex Legends, and it would be that too, but the fact is that EAC shouldn't be executing arbitrary commands based on what the game code has given it, so if that possibility exists in EAC, it is still an RCE in Apex Legends and a kernel privilege escalation flaw in EAC.

[–] [email protected] 12 points 8 months ago

It’s very likely not EAC that’s the problem. Best guess is the hacker has some kind of server side access, be it allowing unsigned/unauthorized operations to be executed from a client or having access to the servers themselves via rce

[–] [email protected] 5 points 8 months ago (2 children)

So what's going on? These players all had cheats loaded and this is the excuse they came up with when it was detected on their systems? Cheats are pretty rampant, but they've mostly shifted to people using external hardware like XIM or Chronos to bypass cheat detection and abuse the Aim Assist function. It's blatantly obvious in competitive games, especially first-person shooters. Ah well, get gud kid. Learn how to aim.

[–] [email protected] 11 points 7 months ago

In another thread for this, someone posted links to streams of the players when it happens. They immediately notice and adjust their playstyle to avoid the cheat (one guy with wall hack leaves the game, another guy with aim bot stops shooting anything). It wasn't a case of "game detects cheating and player tries to explain after the fact", but "cheat suddenly and obviously enabled, player announces it immediately in voice chat and team advises to leave".

[–] [email protected] 5 points 8 months ago

Considering it's two high profile players, I'd say the most likely is that they were tricked into downloading something, or some other software they were using had an exploit (I've had one from a browser plugin before now). There's a video elsewhere in this thread of one of them downloading Malwarebytes for something, so maybe they didn't manage to get rid of whatever it was.

Other option is an exploit on the server. Maybe there's some way of sending malformed data to a player you're not currently in a game with to exploit an RCE. It's not completely impossible, but I figure we'd see it a lot more if that was the case.

I'd put money on option 1 though.

load more comments
view more: next ›