Ubisoft DRM Fiasco: Allows Any Website To Take Control Of Your Computer

from the punishing-your-paying-customers dept

It's been nearly seven years since the great Sony rootkit fiasco, when it was discovered that Sony Music was using some DRM on its CDs that self-installed a rootkit (without letting users know) that had all sorts of security problems and vulnerabilities. The company took a massive hit for this, and you would think that others would be a lot more careful with their own DRM. You would think. But, then you don't know Ubisoft. The vast majority of times we've ever discussed Ubisoft in these pages, it's been because the company was doing something ridiculous with DRM. The company loves its DRM and seems to refuse to recognize that pissing off legitimate customers isn't such a good idea.

So would it come as any surprise that it may now be facing a "rootkit moment" of its own?

As a whole bunch of folks have been submitting, some hackers have figured out that Ubisoft's Uplay DRM appears to install an unsecure browser plugin. The details came out over the weekend, first on a security mailing list, and were then followed up with some test exploit code posted to Hacker News.

Basically, it appears that Ubisoft's DRM is installing an accidental backdoor that makes it possible for any website to effectively take control over your computer. That's... uh... pretty bad.

From the details, the real problem sounds to be one of exceptionally poor coding, rather than maliciousness. Basically, they wanted to let you launch the game via a website, but failed to limit it to just the game -- meaning that a site can make use of the plugin to basically do a whole bunch of stuff on your computer (including things you don't want it to do). The browser plugin is easy to remove (and you should, um, immediately, if you've installed any Ubisoft games), so it's not quite as messy as Sony's rootkit, which was pretty deeply buried. But it's still really bad.

Yet another case of DRM really making life difficult for legitimate customers who paid money for your product. When will companies figure out that DRM does nothing to stop piracy, but makes life really difficult for the people who actually give you money?

Filed Under: browser plugin, control, drm, rootkit, security, uplay
Companies: ubisoft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    hopponit (profile), 2 Aug 2012 @ 5:47pm

    sony rootkit

    Sony got caught in a big flap about rootkits before but I never heard more about an earlier example. Back in the late '90s on my first PC I purchased Beem, an emulator for playing Play-station games on PCs. I used it to play the games while my kids were hogging the consoles. It worked pretty well till Sony took them to court and caused them to go out of business. Older games would still play. But if you tryed a game launched after Sony started to go after them suddenly Beem wouldn't work. Even games that had played stopped functioning until you re-installed your OS and then only with the older games. Run a newer game and you were back to re-installing the OS. I have boycotted all new Sony products since then. Before that I was pretty much a big fan-boy of Sony. May they get much sand in their swim trunks at the beach:) We just got our third new Xbox, never another Play-Station!

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.