Online game from PlayerUnknown’s Battlegrounds dev let players send malware via in-game chat

Online game from PlayerUnknown’s Battlegrounds dev let players send malware via in-game chat

Here’s something new (and very worrying) in the world of online gaming: Tera, an MMORPG (massively multiplayer online RPG) produced by the same developer responsible for PlayerUnknown’s Battlegrounds, had its in-game chat shut down over the weekend following revelations that it could be used as a medium to spread all sorts of malicious nastiness including viruses.

Developer Bluehole launched Tera back in 2011 in South Korea, and it followed to North America and Europe in 2012. It’s an online RPG with combat that plays out like an FPS, but panic struck over the weekend when the game servers were brought down for emergency maintenance to fix a gaping chat-related vulnerability.

Players themselves actually highlighted the flaw in Tera’s chat system, which apparently utilizes HTML, and could reportedly be exploited to bombard other players with dodgy images or links, collect user IP addresses, or even remotely execute malware.

As if MMORPG public chat channels weren’t toxic enough already.

The game’s North American publisher, En Masse, noted at the time: “There are very serious claims floating around of what this vulnerability potentially allows malicious users to do. We are taking these claims very seriously but, as of this time, we have no evidence that the vulnerability is being exploited in these ways or that any player information has been compromised.”

Fixing a hole

En Masse investigated the issue in conjunction with Bluehole, resulting in all chat being disabled save for guild chat last Friday, with the fix subsequently being deployed on Saturday at around 8:00 PST time in the US. Gameforge, the EU publisher, applied the fix on Friday at 16:00 UK time, a day earlier.

So the issue was dealt with fairly swiftly, as you’d hope, although by all accounts players had their game settings reset by the hotfix. Still, better that than a surprise virus arriving via a chat channel…

This is definitely a bit of an eye-opener and a cautionary tale for developers everywhere, for sure, in terms of security considerations when it comes to in-game systems.

And of course it’s particularly interesting that while Tera is hardly a big-name game, its developer is a big fish these days, and the force behind the juggernaut PlayerUnknown’s Battlegrounds.

Via: Engadget

Source: http://www.techradar.com/news/online-game-from-playerunknowns-battlegrounds-dev-let-players-send-malware-via-in-game-chat

Powered by WPeMatico