On-Line Games and Privacy Issues

From: Stan Bubrouski (stanat_private)
Date: Sun May 26 2002 - 15:54:20 PDT

    Hey all,
    
    I'm writing in regards to on-line games and the privacy implications 
    users of those games might not be aware of, especially 
    information-gathering mechanisms which can be used to gather information 
    about a user's system, the software installed, and other details which can 
    be used by advertisers, marketing agencies, etc.
    
    Today I will be specifically talking about Half-Life and the built-in 
    server-side mechanisms to control the client's game console, thus 
    enabling these privacy breaches.
    
    Valvesoftware LTD's Half-Life game is an extremely popular game played 
    by hundreds of thousands of people world-wide.  Modifications for 
    Half-Life such as Counter-Strike, Team Fortress Classic, and Day of 
    Defeat are extremely popular and played on-line by children and adults 
    alike.  Nowhere does it say on the box that by playing the game on-line 
    you give up your rights to privacy or otherwise.
    
    First Problem: File Scanning
    Scope: Remote
    Description:
    
    Built into Half-Life is a function called *g_engfuncs.pfnClientCommand 
    which allows server-side plugins/modifications to execute game console 
    commands on the client's computer, change their game settings, etc.  It 
    probably seems simple enough: let server admins control how clients are 
    set up to prevent cheating.  That's great, but on the client and 
    server side there is a command called 'exec' which allows users to 
    execute config/script files which can be used to change game settings, 
    bind keys to commands/aliases, etc., but this command also has the 
    ability to report whether or not a file exists on the local machine. 
    When you combine this with *g_engfuncs.pfnClientCommand, server 
    operators can detect the presence of a file on the machine of any gamer 
    connected to that server.  Furthermore, code is already available which 
    automates file scans given a list of files to search for.  THERE IS NO WAY 
    TO DISABLE THIS MECHANISM CURRENTLY.
    
    Why is this a big deal?  It allows people to remotely and automatically, 
    upon connection to a server, stealthily scan a player's hard drive for the 
    existence of any file and log the results, thus allowing them to gain 
    information about the user's PC.  And there are thousands of kids all over 
    the world playing the game unaware that their files, or in many cases 
    their parents'/families' files, could be scanned by server admins as they 
    are playing.  This opens the door for hardware fingerprinting (by searching 
    for specific driver files), program use (by searching common locations 
    for program installations), cookie files from IE on certain OSes (not 
    sure if this is possible, but it might be) which could indicate which 
    sites people visit, etc.  We consider this a hole in other products; 
    we should start looking at the games our children play in the same way.
    
    Second Problem: Denial of Service Attacks
    Scope: Remote
    Description:
    
    Again, by making use of *g_engfuncs.pfnClientCommand we can force 
    clients to record demos and such which attempt to write to device names 
    such as prn, aux, lpt1, etc. on all Windows operating systems, and on 
    some cause Windows to completely lock up, potentially causing data loss. 
    Such a command is the 'record' command for recording demos.
    
    There are more holes which I feel would be inappropriate to make public 
    at this time.
    
    Any comments?  I know a lot of people disagree with me or have meaningful 
    opinions on the security (or lack thereof in the games our children are playing).
    
    Best Regards as always,
    
    Stan Bubrouski
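
A client-side detection heuristic for the exec-based file scan described in the post above, as an added example that is not part of the original message or of Half-Life itself: it reads constructed console-log lines (the "execing" / "couldn't exec" line format and the sample paths are assumptions made for this example) and flags exec targets that escape the game's config directory, are not config files, or arrive in bulk, which is what a server probing for files would look like from the player's side.

```python
import re

# Constructed sample of a client console log. The "execing <path>" /
# "couldn't exec <path>" format is an assumption for this example, not a
# verified Half-Life log format; the paths are made up.
SAMPLE_LOG = [
    "execing config.cfg",
    "execing userconfig.cfg",
    "couldn't exec ../../WINDOWS/SYSTEM32/DRIVERS/example_gpu.sys",
    "execing C:/Program Files/ExampleApp/app.exe",
    "couldn't exec ../../Documents and Settings/user/Cookies/index.dat",
    "couldn't exec ../../../boot.ini",
    "execing autoexec.cfg",
    "couldn't exec notacfg.txt",
]

# Either result line reveals whether the named file was found, so both
# count as a probe of that path.
EXEC_RE = re.compile(r"^(?:execing|couldn't exec) (.+)$")


def exec_targets(lines):
    """Return the path of every exec attempt recorded in the log."""
    return [m.group(1).strip() for m in map(EXEC_RE.match, lines) if m]


def is_out_of_scope(path):
    """True if the path escapes the game directory or is not a .cfg file."""
    p = path.replace("\\", "/")
    if ".." in p.split("/") or p.startswith("/") or re.match(r"^[A-Za-z]:", p):
        return True  # traversal, absolute path, or Windows drive letter
    return not p.lower().endswith(".cfg")


def find_file_scans(lines, burst=5):
    """Flag out-of-scope exec targets and a burst of them (a likely scan)."""
    suspicious = [t for t in exec_targets(lines) if is_out_of_scope(t)]
    findings = [{"path": t, "reason": "outside game config scope"}
                for t in suspicious]
    distinct = len(set(suspicious))
    if distinct >= burst:
        findings.append({"path": None,
                         "reason": f"{distinct} distinct probes (possible scan)"})
    return findings


if __name__ == "__main__":
    for f in find_file_scans(SAMPLE_LOG):
        print(f)
```

The burst threshold is arbitrary; in practice the useful signal is any exec of a path outside the game tree, since a legitimate server has no reason to name one.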
    

    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 18:19:43 PDT