A newly discovered flaw in the Origin distribution platform could allow cyber-criminals to install malware on machines regardless of the operating system.
The technique was documented in a paper by security researchers Luigi Auriemma and Donato Ferranta presented at the BlackHat conference in Amsterdam. This is the same team of researchers who found a similar vulnerability in the Steam browser protocol last October.
Image credit: Origin
The Origin Game store is run by Electronic Arts and is the de-facto distribution platform for highly popular games such as Assassinâ€™s Creed, SimCity, Battlefield 3 and Crysis 3. To enjoy such games, the customer needs to install the Origin client that is in charge of digital rights management.
The game is launched by the Origin process with a series of arguments (parameters). This is possible because the Origin client registers its own protocol that starts with origin://. This way, an attacker can craft a malicious URL and post it to gaming-related forums. As the user clicks this link, the Origin client is instructed to include a malicious payload from a remote server and run it along with an Origin game that they have installed.
â€œIn fact, an attacker can remotely compromise millions of systems in a very silent and undetected way, by exploiting any possible local issue or feature exposed by any of the games available on Origin. As the root cause is a design problem of the platform itself, the best protection for Origin users (at the moment) is to disable the origin:// URI handler,â€ the researchers wrote in the paper.