YouTuber claims hackers can take over your computer via a vulnerability in Marvel Rivals.
Marvel Rivals, an incredibly popular recent release, currently has the largest player base on Steam. Even as players commend the devs for succumbing to pressure and rolling back their decision on rank changes, there are practically an equal number of complaints about a plethora of other technical issues, ranging from optimization problems and unskippable animations to the many bugs that plague the game.
One of them is considered a grave issue: a serious security exploit.
One of the user-maintained sites for the game, which is a rival to other Marvel games, recently released a video showing how a security issue could allow hackers to gain full access to other players' machines.
A YouTuber asserts players of Marvel Rivals are in danger because of a security issue.
He stated in an introductory message that his intention “isn’t fear-mongering” but rather “to illustrate how this class of vulnerability works and why it is so important for the game developers to design the hotfixes and patch updates securely and safely.”
He added that, although he could not get into technical specifics, this exploit “is a flaw in how the patching system works.”
He explained that the patching system was independently designed “for game developers to run code to update parts of the game on your device.” A flaw in it, if discovered, could allow someone “to execute code on your machine,” which the security industry calls Remote Code Execution (RCE).
In the video, he set up the “victim” laptop using a gaming laptop and a travelling laptop. He exploited the tool while injecting a Python script to take control of the system immediately after it connected to the Marvel Rivals server.
“My laptop is owned at this point; it is sending all my passwords to some malicious user.” “The issue with this game…” he clarified in his blog post and video. The game’s lack of a proper means of verifying communication between users and the game’s server has led to its disqualification as a cheat-prevention factor.
Combine this with the admin privileges the game has for Anti-Cheat, and a “rogue user” can effectively inject Python by targeting the game’s instance.
It is a fearful thought, but there were limitations. In his words, one avenue of attack could arise from playing the game on the same Wi-Fi as the hacker; hence anyone playing at a public site like a coffee shop or school might be at risk.