502
submitted 7 months ago* (last edited 7 months ago) by catch22@programming.dev to c/technology@lemmy.world

Wow it finally happened. So glad I switched to steam running on linux mint last week. I refused to install helldivers because it wanted to install some no holds barred god level permissions anti-cheat software. Windows 11 was the last straw for me. Good times..

The volunteers at the Anti-Cheat Police Department have since issued a PSA announcing, "There is currently an RCE exploit being abused in [Apex Legends]" and that it could be delivered via from the game itself, or its anti-cheat protection. "I would advise against playing any games protected by EAC or any EA titles", they went on to say.

As for players of the tournament, they strongly recommended taking protective measures. "It is advisable that you change your Discord passwords and ensure that your emails are secure. also enable MFA for all your accounts if you have not done it yet", they said, "perform a clean OS reinstall as soon as possible. Do not take any chances with your personal information, your PC may have been exposed to a rootkit or other malicious software that could cause further damage."

top 50 comments
sorted by: hot top controversial new old
[-] jabathekek@sopuli.xyz 198 points 7 months ago

...your PC may have been exposed to a rootkit or other malicious software that could cause further damage."

"The rootkit you installed on your pc allowed a rootkit or other malicious software to be installed on your PC."

[-] pivot_root@lemmy.world 72 points 7 months ago* (last edited 7 months ago)

"But, it stopped little Aimbot Andrew from successfully using the xProAimb0t2024 program he spent his monthly allowance on! Never mind the rest; it's working as intended. Closed as WONTFIX."

– Anticheat developers

[-] tiredofsametab@kbin.run 132 points 7 months ago

Fyi, it's "no holds barred" as in no type of hold is disallowed. "no holes barred" is a decidedly different sort of event

[-] PainInTheAES@lemmy.world 47 points 7 months ago

As a nevernude I prefer no holes bared

[-] einlander@lemmy.world 9 points 7 months ago

No holes Bard.

load more comments (2 replies)
[-] Potatos_are_not_friends@lemmy.world 7 points 7 months ago* (last edited 7 months ago)

Yeah, the "hole bars" are the ones you wanna go if you're trying to get lucky in the back if you know what I mean ( ͡° ͜ʖ ͡°)

load more comments (2 replies)
[-] catch22@programming.dev 6 points 7 months ago* (last edited 7 months ago)

Point taken, grammar updated, but.... since we are talking about basically opening your OS up to anything EA might enjoy doing to it, maybe this is a rare occasion where the mistake fits the context? Just sayin...

load more comments (1 replies)
[-] tabular@lemmy.world 129 points 7 months ago

The real cheats are the proprietary software we installed along the way.

[-] db2@lemmy.world 72 points 7 months ago

leopards.exe has eaten your face and will continue.

[OK] [Yes] [I deserve it]

[-] Iapar@feddit.de 71 points 7 months ago

Hacking aside it is funny to me that the anti-cheat made it possible to enable cheats.

[-] noevidenz@infosec.pub 61 points 7 months ago

There is currently no evidence of an RCE exploit in EAC, and EAC themselves as well as their owner, Epic, have both denied the existence of an RCE in their software.

There's a video from about a month ago in which ImperialHal and Genburten (on separate occasions) are in a match against the person named in the messages sent by the exploit on Genburten's machine.

It's possible that they were in contact with the hacker after that point and that he tricked them into downloading something they shouldn't have.

Otherwise, it's also possible that there is an exploit in Apex/Source that the hacker used. He may have been able to get their IP during the public match a month ago and then use it to target them during the competition.

Beyond what was seen during the competition, the hacker was also able to gift thousands of Apex packs to several players (seemingly without paying for them) and was able to get 40+ "bot" players into a single match and to all target an individual player. He also claimed to be able to open crates on another player's account. These other exploits seem to indicate that he has elevated access to both the server and to multiple APIs, but none of them indicate elevated access to user machines in general.

[-] merthyr1831@lemmy.world 14 points 7 months ago* (last edited 7 months ago)

Cancel my comment about this being a possible 0day or whatever. They were playing this tournament on their personal systems, which makes it way easier for someone to accidentally download malicious software without players' consent.

[-] PipedLinkBot@feddit.rocks 7 points 7 months ago

Here is an alternative Piped link(s):

a video

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[-] merthyr1831@lemmy.world 48 points 7 months ago

The missing context here (not your fault, i think people reporting this are being misleading) is that they were using their personal systems in this tournament. That means whatever dodgy software they've installed can't be monitored in a controlled environment, and claims of it being EAC's fault is unfounded.

A proper tournament would have controlled hardware and software, even if playing remotely at a professional level. You can't guarantee these systems haven't been tampered with, even if the players insist on proper security measures.

load more comments (1 replies)
[-] sp6@lemmy.world 39 points 7 months ago

The clips of the hacks being installed/activated are pretty crazy:

Note that the title has been edited: we do NOT know if this was EAC yet. The article says it "may have been." EAC has claimed it wasn't them (but of course they're going to claim that). Instead, it could have been Apex's source engine. Or, it could have been two individually compromised machines from software completely unrelated to Apex; remember, these are two high-profile targets, after all. We just have to wait and see what the real cause was. Regardless, I wouldn't play Apex for at least the next day or two, just to be safe.

load more comments (1 replies)
[-] cybersandwich@lemmy.world 35 points 7 months ago

Is there any actual evidence that this was done via an EAC exploit?

These could be two spear phished players with hacked PCs. (2 of the best and biggest audiences making them ideal targets). People have also mentioned r5 potentially being a culprit.

If this was eac related or even a bigger client side hack (RCE), you'd think it'd be more wide spread.

I wish the reporting on this was better all around. At this point I've seen no actual evidence of anything supporting RCE or that it was EAC to blame.

load more comments (6 replies)
[-] ramielrowe@lemmy.world 32 points 7 months ago

I do not buy this RCE in Apex/EAC rumor. This wouldn't be the first time "pro" gamers got caught with cheats. And, I wouldn't put it past the cheat developers to not only include trojan-like remote-control into their cheats, but use it to advertise their product during a streamed tournament. All press is good press. And honestly, they'd probably want people thinking it was a vulnerability in Apex/EAC rather than a trojan included with their cheat.

[-] KairuByte@lemmy.dbzer0.com 20 points 7 months ago

Mmmm I’ve not done any digging, but the likelihood of a large number of streamers all using cheating software and a large number of them literally announcing it and leaving the game is quite slim.

Think of it this way, assuming they were cheating, the streamers would not want to get caught right? So they would be using cheats that aren’t being broadcast over their streaming software. To then announce “oh no I’m cheating” and quit would be silly, what would be the point of this even joining the tournament at that point? On the other hand, if the cheats were visible on their streams… that seems like a glaring issue a streamer wouldn’t make, never mind a large number of them.

[-] bjoern_tantau@swg-empire.de 11 points 7 months ago

I think their hypothesis is that the streamers had installed and used cheats outside of the tournament and that the cheat suppliers enabled them remotely to advertise on the big stream.

load more comments (1 replies)
[-] Tarquinn2049@lemmy.world 9 points 7 months ago* (last edited 7 months ago)

They probably didn't randomly guess what happened. There would be pretty obvious clues as to how it happened. The network traffic for tournaments like this is monitored. Because they have to be done online. If they had no idea what actually happened, they would have at least been suspicious of the players at first. No matter what messages were playing in chat at the time.

[-] ramielrowe@lemmy.world 23 points 7 months ago* (last edited 7 months ago)

This isn't a statement from Apex or EAC. The original source for the RCE claim is the "Anti-Cheat Police Department" which appears to just be a twitter community. There is absolutely no way Apex would turn over network traffic logs to a twitter community, who knows what kind of sensitive information could be in that. At best, ACPD is taking the players at their word that the cheats magically showed up on their computers.

PS. Apparently there have been multiple RCE vulnerabilities in the Source Engine over the years. So, I’m keeping my mind open.

load more comments (1 replies)
[-] CaptainBasculin@lemmy.ml 8 points 7 months ago

There is an RCE exploit in EAC which has been confirmed by their twitter account; but they didn't confirm of it being exploited anywhere.

My belief is that the people responsible into it hacked these people months ago; as a few months ago the same hacker did attack ImperialHal while on stream with botted zombie accounts that follow him to kill him. On that stream's highlights all those bots were named (number)destroyer2009fan; which is the same as the person that spammed the chat at the time of the hack.

This is not an advertisement for cheats. Searching the hacker's name in cheat forums doesn't point to any specific program. I suspect that this is openly calling out Respawn to fix their anticheat, which has been a laughing stock.

[-] noodlejetski@lemm.ee 13 points 7 months ago

There is an RCE exploit in EAC which has been confirmed by their twitter account

really? because all I've seen was them saying the exact opposite: https://twitter.com/TeddyEAC/status/1769725032047972566

load more comments (2 replies)
load more comments (2 replies)
[-] FilterItOut@thelemmy.club 29 points 7 months ago

That was a strange path my mind took as I read the title, thinking it was a satire piece about competitors trying to sneak in cheats... Like, the "Anti-Cheat Police Department" couldn't be anything but a laughingstock.

[-] tal@lemmy.today 27 points 7 months ago

So glad I switched to steam running on linux mint last week.

Doesn't EAC work on Linux?

googles

It sounds like it has for two years:

https://www.forbes.com/sites/jasonevangelho/2022/03/01/apex-legends-now-works-on-linux-with-official-eac-support/

‘Apex Legends’ Now WORKS On Linux With Official EAC Support

I mean, I use Linux myself. But I don't know if Linux is a fix for "game I use may have vulnerabilities".

In theory, maybe Linux/Steam could isolate individual games (might be further along with Wayland than Windows is), but that's not how things work today. If you install software from Steam, it's got access to act as you, and if it has vulnerabilities that permit for remote compromise, then you'd be vulnerable as well.

[-] loutr@sh.itjust.works 26 points 7 months ago

Under linux EAC runs as your normal user, so it can't install system-wide malware but it can read/write your personal data. If you create a dedicated user for gaming you should be safe from this kind of stuff.

load more comments (2 replies)
[-] Blackmist@feddit.uk 22 points 7 months ago

Sounds fanciful.

EAC doesn't open up ports into your network as far as I'm aware.

Pretty much the only way to do RCE in games with no direct P2P connection is to send malformed data to the server, and then it sends that to the other clients, relying on things not being checked in two places. We've seen this a few times, in Dark Souls series and GTA Online.

I can't see for the life of me how EAC would cause that.

[-] BURN@lemmy.world 12 points 7 months ago

It’s very likely not EAC that’s the problem. Best guess is the hacker has some kind of server side access, be it allowing unsigned/unauthorized operations to be executed from a client or having access to the servers themselves via rce

[-] RememberTheApollo_@lemmy.world 6 points 7 months ago

So what's going on? These players all had cheats loaded and this is the excuse they came up with when it was detected on their systems? Cheats are pretty rampant, but they've mostly shifted to people using external hardware like XIM or Chronos to bypass cheat detection and abuse the Aim Assist function. It's blatantly obvious in competitive games, especially first-person shooters. Ah well, get gud kid. Learn how to aim.

[-] Buddahriffic@lemmy.world 11 points 7 months ago

In another thread for this, someone posted links to streams of the players when it happens. They immediately notice and adjust their playstyle to avoid the cheat (one guy with wall hack leaves the game, another guy with aim bot stops shooting anything). It wasn't a case of "game detects cheating and player tries to explain after the fact", but "cheat suddenly and obviously enabled, player announces it immediately in voice chat and team advises to leave".

load more comments (1 replies)
load more comments (1 replies)
[-] veniasilente@lemm.ee 19 points 7 months ago

So, lemme get this straight: allowing remote parties to install malware (DRM) on your system results in allowing remote parties to install malware on your system? Wow, who could have known! Certainly not the distributors of the step-one malware, am I right?

I'm certain there's a couple of lessons to be learned here (install and run games as normal, non-elevated users, people! It's easy to do on Linux) but I'm also somehow certain Big Corpos are going to stick their heads into the sand regarding such lessons.

Oh well, the pirate way it is.

load more comments (1 replies)
[-] NiPfi@lemmy.world 19 points 7 months ago* (last edited 7 months ago)

Is Helldiver's anti cheat that bad too? am I at least a little better off running the game through Proton on Linux or am I just providing a compatibility layer to a rootkit?

[-] fannymcslap@lemmy.world 9 points 7 months ago

Wait who TF is cheating in HD? It's pve?

[-] n3m37h@lemmy.dbzer0.com 9 points 7 months ago

You would be surprised who will cheat. Watch Karl Jobst and some of the cheaters he has made vids on

load more comments (2 replies)
load more comments (1 replies)
[-] wahming@monyet.cc 8 points 7 months ago
[-] InfiniWheel@lemmy.one 7 points 7 months ago

Doesn't the compatibility layer mean its restricted to its own wine prefix? Or am I misunderstanding?

[-] wahming@monyet.cc 7 points 7 months ago

In theory. However, wine was not designed as a security sandbox, and it might be possible (or even trivial) for something to intentionally break out of it. This gets more likely when considering the growing market share of linux.

load more comments (2 replies)
[-] noodlejetski@lemm.ee 17 points 7 months ago* (last edited 7 months ago)

sadly it's been posted to Xitter, but I enjoy this 5 second clip of ImperialHal (one of the affected players):

https://twitter.com/babyducksss/status/1769541847829913925

yeah, totally not a compromised PC

load more comments (4 replies)
[-] altima_neo@lemmy.zip 16 points 7 months ago

So about those holes... We gonna bar them?

load more comments (2 replies)
[-] BmeBenji@lemm.ee 10 points 7 months ago* (last edited 7 months ago)

I imagine their surprise came across kind of like this

“what is this? I bought a xbox card! what is this? i don’t even know what that is!”

load more comments (2 replies)
[-] Wes_Dev@lemmy.ml 10 points 7 months ago

“I would advise against playing any games protected by EAC or any EA titles”, they went on to say.

Easy. I specifically blocked all titles with the tags "EA" and "EA Play" on Steam. Never have to worry about it.

load more comments (3 replies)
[-] kate@lemmy.uhhoh.com 7 points 7 months ago
[-] simplejack@lemmy.world 6 points 7 months ago

So does the TiVo

[-] TheDarksteel94@sopuli.xyz 6 points 7 months ago

There's a super interesting video by PirateSoftware on YouTube about this too.

load more comments
view more: next ›
this post was submitted on 19 Mar 2024
502 points (100.0% liked)

Technology

59166 readers
2013 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS