A loophole in the way Origin handles links to games users have downloaded and installed to make it run code that compromised a target machine. So far it does not appear that the loophole has yet been used by malicious hackers. EA said that it is investigating the vulnerability. Origin acts as a distribution system, where customers can buy, download and manage EA video games as well as chat with friends about them.
Donato Ferrante and Luigi Auriemma, from security company ReVuln, found a weakness in the way games were started via Origin. Apparently Origin uses a web-like syntax to keep track of the places games are found on a computer so they can quickly be started when people want to play.
But if you mess around with this you can make it point to malicious code instead of a game.
"An attacker can craft a malicious internet link to execute code remotely on victim's system, which has Origin installed," wrote the researchers in a paper detailing their work.
Origin vulnerable to hacking
EA Games has just received even more bad news as researchers discover a big hole in its Origin game store. The company, which stuffed up a flagship launch of SimCity, and lost its CEO, has just been told that 10 million people who use its Origin game store are at risk from a hack attack that swaps games for malicious code.
Nick Farrell
E-mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view itLatest from Nick Farrell