Hacker bans thousands of Call of Duty gamers through anti-cheat software, shows how dangerous this poorly written kernel access junk is.

In October, video game giant Activision said it had fixed a bug in its anti-cheat system that affected “a small number of legitimate player accounts,” who were getting banned because of the bug.

In reality, according to the hacker who found the bug and was exploiting it, they were able to ban “thousands upon thousands” of Call of Duty players, who they essentially framed as cheaters. The hacker, who goes by Vizor, spoke to TechCrunch about the exploit, and told their side of the story.

“I could have done this for years and as long as I target random players and no one famous it would have gone without notice,” said Vizor, who added that it was “funny to abuse the exploit.”

[…]

In 2021, Activision released its Ricochet anti-cheat system, which runs at the kernel level in an attempt to make it even harder for cheat developers to get around it.

Vizor said they were able to find a unique way to exploit Ricochet, and use it against the players it was supposed to protect. The hacker realized Ricochet was using a list of specific hardcoded strings of text as “signatures” to detect hackers. For example, Vizor said, one of the strings was the words “Trigger Bot,” which refers to a type of cheat that automatically triggers a cheater’s weapon when their crosshair is over a target.

Vizor said they could simply send a private message — known as a “whisper” in the game — that included one of these hardcoded strings, such as “Trigger Bot,” and get the player they were messaging banned from the game.

“I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives,” said Vizor, referring to how the game was effectively scanning for banned keywords, regardless of context.

[…]

“If you know what signature the anti-cheat is looking for, I find a mechanism to get those bytes in your game process and you get banned,” said the person, who asked to remain anonymous. “I can’t believe [Activision] are banning people on a memory scan of ‘trigger bot.’ That is so incredibly stupid. And they should have been protecting the signatures. That’s amateur hour.”

Apart from random players, Vizor said they targeted some well-known players, too. In the period of time Vizor was using the exploit, some video game streamers posted on X that they had been banned, and then unbanned, once Activision fixed the bug.

The company was alerted of the existence of the bug when Zebleer published details of the exploit on X.

“It was nice to see it get fixed and see unbans,” said Vizor. “I had my fun.”

Source: Hacker says they banned ‘thousands’ of Call of Duty gamers by abusing anti-cheat flaw | TechCrunch

What this article misses is that anti-cheat programs have kernel-level access to your system. This means that they are able not only to read anything anywhere on your system, but also to alter whatever they like on it. It’s not just spyware, but a potential virus or ransomware application just waiting to be hijacked. The ease with which this was exploited shows how dangerous these programs are. Expect more exploits through this route, as they are coded extremely poorly, apparently.
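The false positive described in the quoted article, as an added example that is not code from TechCrunch, Activision or this blog: a simplified model of process memory showing why a context-free string scan flags a player who merely received a whisper, next to a scan that ignores memory other players can fill. The region model, all names and the mitigation itself are assumptions; only the "Trigger Bot" string comes from the article.

```python
from dataclasses import dataclass

# "Trigger Bot" is the one signature the article names; the list is constructed.
SIGNATURES = [b"Trigger Bot"]

@dataclass
class Region:
    """One region of a game process's memory (simplified, hypothetical model)."""
    name: str
    data: bytes
    executable: bool       # region is mapped as code
    remote_fillable: bool  # contents can arrive from other players (chat, names)

def naive_scan(regions):
    """Flag every signature hit anywhere in memory, with no regard for context."""
    return [(r.name, s) for r in regions for s in SIGNATURES if s in r.data]

def context_aware_scan(regions):
    """Count a hit only in executable memory that remote input cannot populate."""
    return [(r.name, s) for r in regions for s in SIGNATURES
            if s in r.data and r.executable and not r.remote_fillable]

def legit_player_after_whisper():
    """Constructed sample: clean game code plus a received whisper."""
    return [
        Region("game .text", b"\x55\x48\x89\xe5" * 8, True, False),
        Region("chat buffer", b"[whisper] Trigger Bot", False, True),
    ]

def player_with_injected_module():
    """Constructed sample: the string sits inside injected executable memory."""
    return [
        Region("game .text", b"\x55\x48\x89\xe5" * 8, True, False),
        Region("injected module", b"\x90\x90Trigger Bot\x00", True, False),
    ]

if __name__ == "__main__":
    for label, sample in [("legit + whisper", legit_player_after_whisper()),
                          ("injected module", player_with_injected_module())]:
        print(label, "naive:", naive_scan(sample),
              "context-aware:", context_aware_scan(sample))
```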

Robin Edgar
