Google Engineer Exposes Ubisoft's Uplay DRM as Rootkit
Posted 07/30/2012 | by Paul Lilly



Honest PC users aren't in need of yet another reason to rage against Digital Rights Management (DRM) schemes that often serve to setup hoops for law abiding citizens to jump through without stomping out software piracy, but just in case, here's another one. Ubisoft's Uplay client may contain a rootkit that could allow remote hackers to infiltrate your system and take control. Yikes!

Tavis Ormandy, who serves as an Information Security Engineer at Google, discovered the vulnerability and posted his findings on SecLists.org's Security Mailing List.

"While on vacation recently I bought a video game called Assassin's Creed Revelations. I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for it's accompanying Uplay launcher, which grants unexpectedly (at least to me) wide access to websites," Ormandy explained. "I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it."

Ormandy took it upon himself to follow up his post with a proof of concept exploiting the security hole, but what's even more troubling is how widespread this is. It's not just Assassin's Creed that is affected, but all games that rely on Ubisoft's Uplay DRM, including the entire Assassin's Creed series, Call of Juarez, Silent Hunter 5: Battle of the Atlantic, Heroes of Might and Magic VI, all Tom Clancy titles, and many others. There are nearly two dozen titles in all that are affected by this.