Ubisoft's Intrusive DRM Creates Significant Security Hole
Certain Ubisoft games install a browser plug-in as part of their DRM infrastructure, which can lead to drive-by attacks from infected or malicious websites, create a significant security hole.
Ubisoft's DRM infrastructure means that certain games such as Assassin's Creed II and Tom Clancy's H.A.W.X. 2 silently install a plug-in from Uplay in web browsers such as Firefox, Chrome, Opera and IE. This has the unintended consequence of allowing drive-by attacks from any website, allowing any action to be taken on a PC, potentially putting under the complete control of an attacker. It appears that the flaw may have been patched now, but it's not certain as of the time of writing. There's a proof of concept exploit here which starts the calculator. The good news is that removing the plug-in from the browser removes the vulnerability, so it's easily fixed. There's another way to fix this of course: don't buy Ubisoft titles, since it only encourages them to use this kind of intrusive and dangerous DRM, which many other companies avoid. Dropping sales will soon show them the error of their ways.
We've tested with a PC that has never had Uplay installed on it. The exploit didn’t work at all. After installing Uplay alone, immediately the test link did indeed work, calling up the Uplay window, and then with that, booting the Windows Calculator. After uninstalling Uplay, the exploit once again didn't work.
Posted by | Mon, Jul 30, 2012 - 04:22 PM