Origin is EA’s app store, where users can purchase games and download them with the Origin client. The platform also offers social features like profile management, networking with friends, chat, online gaming, and community integration with networking sites like Facebook, Xbox Live, PlayStation Network and the Nintendo Network.
The problem, however, according to ReVuln, is that attackers can remotely compromise millions of systems in a very silent and undetected way – by exploiting any possible local issue or feature exposed by any of the games available on Origin. The root cause is a design problem of the platform itself.
"The Origin platform allows malicious users to exploit local vulnerabilities or features, by abusing the Origin URI handling mechanism,” wrote ReVuln researchers Luigi Auriemma and Donato Ferrante, in a white paper. “In other words, an attacker can craft a malicious internet link to execute malicious code remotely on victim’s system, which has Origin installed.”
The two demonstrated the flaw on the most recent and well-known game available on the platform, Crysis 311. “We found several ways to trigger remote code execution against remote victim systems by abusing the Origin platform itself,” they explained. “One way is based on exploiting a feature, NVidia Benchmark framework12, in CryEngine’s game engine."
The best protection for Origin users for now is to disable the origin:// URI handler, Auriemma and Ferrante noted. That can be done using tools such as urlprotocolview15. This means a user will be no longer be able to run games via desktop shortcuts or websites with custom command line parameters, but will be still able to play games by running them directly from Origin.
ReVuln recently published research covering a similar vulnerability in Origin’s biggest competitor, the Steam gaming platform.