


Researchers: Steam URL protocol can be abused to exploit game vulnerabilities - cusackrawas1998

Attackers can abuse the way browsers and other applications handle steam:// protocol URLs in order to exploit serious vulnerabilities in the Steam client or games installed through the platform, according to researchers from startup vulnerability research and consultancy firm ReVuln.

Steam is a popular digital distribution and digital rights management platform for games and, since earlier this month, other software products. According to Valve Corporation, the company that developed and operates the platform, Steam offers over 2,000 titles and has over 40 million active accounts.

The Steam client can run on Windows, Mac OS X and Linux, although as a beta version only in the latter OS.

When the Steam client is installed on a system, it registers itself as a steam:// URL protocol handler. This means that every time a user clicks on a steam:// URL in a browser or a different application, the URL is passed to the Steam client for execution.

Steam:// URLs can contain Steam protocol commands to install or uninstall games, update games, start games with certain parameters, backup files or perform other supported actions.

Attackers can abuse these commands to remotely exploit vulnerabilities in the Steam client or the Steam games installed on a system by tricking users into opening maliciously crafted steam:// URLs, ReVuln security researchers and founders Luigi Auriemma and Donato Ferrante said in a research paper published on Monday.

The problem is that some browsers and applications automatically pass steam:// URLs to the Steam client without asking for confirmation from users, the researchers said. Other browsers do request user confirmation, but don't display the full URLs or warn about the dangers of allowing such URLs to be executed.

According to tests performed by the ReVuln researchers, Internet Explorer 9, Google Chrome and Opera display warnings and the full or partial steam:// URLs before passing them to the Steam client for execution. Firefox also requests user confirmation, but doesn't display the URL and provides no warning, while Safari automatically executes steam:// URLs without user confirmation, the researchers said.

"All the browsers that execute external URL handlers directly without warnings and those based on the Mozilla engine (like Firefox and SeaMonkey) are a perfect vector to perform silent Steam Browser Protocol calls," the researchers said. "Additionally for browsers like Internet Explorer and Opera it's still possible to hide the dodgy part of the URL from being shown in the warning message by adding several spaces into the steam:// URL itself."

Aside from tricking users to manually click on rogue steam:// URLs, attackers can use JavaScript code loaded on malicious pages to redirect browsers to such URLs, Luigi Auriemma said Tuesday via email.

Browsers that require user confirmation for steam:// URL execution by default usually provide users with an option to change this behavior and have the URLs automatically executed by the Steam client, Auriemma said. "It's highly possible that many gamers already have the steam:// links directly executed in the browser to avoid the annoyance of confirming them all the time."

A screen capture from the proof-of-concept video created by ReVuln that shows how attackers can abuse the way browsers and other applications handle steam:// protocol URLs

The researchers released a video in which they demonstrate how steam:// URLs can be used to remotely exploit some vulnerabilities they found in the Steam client and popular games.

For example, the Steam protocol's "retailinstall" command can be used to load a malformed TGA splash image file that exploits a vulnerability in the Steam client to execute malicious code in the context of its process, the researchers said.

In a different example, a steam:// URL can be used to execute legitimate commands found in Valve's Source game engine in order to write a .bat file with attacker-controlled content inside the Windows Startup folder. Files located in the Windows Startup directory are automatically executed when users log in.

The Source game engine is used in many popular games including Half-Life, Counter-Strike and Team Fortress that have tens of millions of players.

Another popular game engine called Unreal supports the loading of files from remote WebDAV or SMB shared directories through command line parameters. A rogue steam:// URL can be used to load a malicious file from such a location that exploits one of the many integer overflow vulnerabilities found in the game engine to execute malicious code, the ReVuln researchers said.

The auto-update feature found in some games like APB Reloaded or MicroVolts can also be abused through steam:// URLs to create files with attacker-controlled content on the disk.

In order to protect themselves users can disable the steam:// URL protocol handler manually or with a specialized application, or can use a browser that doesn't automatically execute steam:// URLs, Auriemma said. "The downside is that the gamers who use these links locally (shortcuts) or online (web browser) to join servers or use other features of this protocol will be unable to use them."
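A screening check built on two details reported above, the space-padding trick and the "retailinstall" command, as an added example that is not from the article or from ReVuln: it extracts steam:// URLs from page source (link attributes, script strings and plain text) and flags the ones worth a closer look. The padding threshold, the `examplecmd` placeholder and the sample markup are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Only command named in the article; extend from your own telemetry.
WATCHED_COMMANDS = {"retailinstall"}
# Assumed threshold: this many consecutive spaces counts as padding.
PAD_RUN = 3

# Quoted form (href values, script strings) keeps embedded spaces intact.
QUOTED = re.compile(r"""(["'])(steam://.*?)\1""", re.I | re.S)
# Bare form in running text ends at whitespace or markup.
BARE = re.compile(r"steam://[^\s\"'<>]+", re.I)

# Constructed sample markup; "examplecmd" is a placeholder, not a real command.
SAMPLE = """
<a href="steam://retailinstall/placeholder-arg">Free skin</a>
<script>location.href = 'steam://examplecmd/1      %20%20%20 tail';</script>
<p>Join us: steam://examplecmd/42</p>
"""

def find_steam_urls(text):
    """Return every steam:// URL in page source, quoted ones first."""
    found = [m.group(2) for m in QUOTED.finditer(text)]
    found += BARE.findall(QUOTED.sub(" ", text))
    return found

def assess(url):
    """Decode one URL and list the reasons it deserves a closer look."""
    decoded = unquote(url)  # %20 padding looks the same as literal spaces
    command = re.match(r"\s*([^/\s?]*)", decoded[len("steam://"):]).group(1).lower()
    reasons = []
    if re.search(r"[ \t]{%d,}" % PAD_RUN, decoded):
        reasons.append("whitespace-padding")
    if command in WATCHED_COMMANDS:
        reasons.append("watched-command:" + command)
    return {"url": url, "command": command, "reasons": reasons}

def scan(text):
    """Assess all steam:// URLs and keep only the flagged ones."""
    return [a for a in map(assess, find_steam_urls(text)) if a["reasons"]]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit["reasons"], repr(hit["url"]))
```

A mail or web gateway could run `scan` over message bodies and fetched pages and show the decoded URL to the analyst, since the padding exists to keep part of it out of view.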

Because Safari is one of the browsers that automatically executes steam:// URLs, Mac OS X users, which represent the majority of the browser's user base, might be more exposed to such attacks. "Mac OS is the secondary platform used on Steam and many games are available for this platform so it has a wide user base," Auriemma said.

"In our opinion Valve must remove the passing of command-line parameters to games because it's too dangerous and they can't control how these third parties software can act with malformed parameters," the researcher said.

Valve did not immediately return a request for comment.

Earlier this month Valve started to distribute select non-gaming software titles through Steam. Vulnerabilities found in such applications might also be exploitable through steam:// URLs, Auriemma said.

"In the recent months Valve invested a lot in the Steam platform launching the beta version of Steam for Linux, adding the GreenLight service where users can vote what games they would like to see available on Steam, added the Software section, added more games and some highlighted games available in full for limited time, dozens of free-to-play games and much more," the researcher said. "There was no better moment to notice these issues than now."

Source: https://www.pcworld.com/article/461663/researchers-steam-url-protocol-can-be-abused-to-exploit-game-vulnerabilities.html

Posted by: cusackrawas1998.blogspot.com
