Industry News

Origin Flaw Puts Millions of Players at Risk, Report Finds

A newly discovered flaw in the Origin distribution platform could allow cyber-criminals to install malware on machines regardless of the operating system.

The technique was documented in a paper by security researchers Luigi Auriemma and Donato Ferranta presented at the BlackHat conference in Amsterdam. This is the same team of researchers who found a similar vulnerability in the Steam browser protocol last October.

Image credit: Origin

The Origin Game store is run by Electronic Arts and is the de-facto distribution platform for highly popular games such as Assassin’s Creed, SimCity, Battlefield 3 and Crysis 3. To enjoy such games, the customer needs to install the Origin client that is in charge of digital rights management.

The game is launched by the Origin process with a series of arguments (parameters). This is possible because the Origin client registers its own protocol that starts with origin://. This way, an attacker can craft a malicious URL and post it to gaming-related forums. As the user clicks this link, the Origin client is instructed to include a malicious payload from a remote server and run it along with an Origin game that they have installed.

“In fact, an attacker can remotely compromise millions of systems in a very silent and undetected way, by exploiting any possible local issue or feature exposed by any of the games available on Origin. As the root cause is a design problem of the platform itself, the best protection for Origin users (at the moment) is to disable the origin:// URI handler,” the researchers wrote in the paper.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.

1 Comment

Click here to post a comment
  • I intended to create you one tiny note to finally thank you so much as before considering the breathtaking strategies you
    have contributed on this page. It was quite open-handed of you in
    giving openly all that many individuals would’ve offered for sale as an e book to help make some profit for their own end, specifically considering that you could have done it if you ever considered necessary. These basics also served to become easy way to fully grasp someone else have the same interest like my very own to find out many more on the topic of this issue. I’m
    sure there are many more fun periods ahead for people who looked
    over your blog post.