Origin exploit lets attackers launch malicious code

Take heed before you click that shady hyperlink--security researchers have found an exploit in Origin's remote-launching capabilities which would let attackers to run malicious code on user's systems. The presentation last week, reported by Ars Technica, illustrated how Origin's uniform resource identifiers can be exploited.

"[A]n attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed," the researchers wrote in an accompanying paper.

These URIs are used to let websites and client-side programs interact, so in this case a website can launch a game on a client's computer. But those links can be used for nefarious purposes, as well--assuming the malicious bit of software is already there on the computer, awaiting activation.

Electronic Arts responded to Ars Technica, saying "our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure." For what it's worth, a similar flaw was discovered with Steam's URI system last year and we haven't heard of any epidemics yet.

Connor Sheridan

I got a BA in journalism from Central Michigan University - though the best education I received there was from CM Life, its student-run newspaper. Long before that, I started pursuing my degree in video games by bugging my older brother to let me play Zelda on the Super Nintendo. I've previously been a news intern for GameSpot, a news writer for CVG, and now I'm a staff writer here at GamesRadar.