Security experts spotted a nasty Battlefield Play4Free bug in the code that EA published which allows hackers to violate any users’ PC. The exploit allows the hacker to then lure the player to a “booby-trapped” website where all sorts of things can go wrong.
The Battlefield Play4Free bug was brought to light at the Black Hat security conference in Amsterdam last week. Older versions of Windows (including XP and 2003) are vulnerable to the Battlefield Play4Free bug which is bad news. Approximately 39% of the 1 million players networked to Battlefield Play4Free still use these outdated operating systems.
Battlefield Play4Free Bug Sneaks in Your Back Door
The exploit works by instructing users to download a seemingly necessary “MOD” file. The file, in fact, contains a corrupt batch file that is executed at PC restart. This Battlefield Play4Free bug is similar to many such exploits that take advantage of software (such as games) that were designed for play on newer computers with newer operating systems but which are backwards compatible with older systems. Because of the discrepancy in coding, hackers can easily skirt all of the security measures put in place by game designers and easily capture the PCs (and potentially personal data) of unaware users.
Donato Ferrante discovered the Battlefield Play4Free bug with his fellow researcher Luigi Auriemma. The two also uncovered several other bugs which allow hackers to subvert a user’s computer through malicious websites even if user’s PC has inactive gaming software installed.
EA didn’t immediately comment on the discovery but a representative for the company told ArsTechnica that they are examining the security issue.
Depending ont he contents of the batch file that’s uploaded through this backdoor, the hackers could easily capture just about anything on an unsuspecting user’s PC. They can also alter operating system files, browser extensions, etc.
The Battlefield Play4Free bug does have one weakness though — it relies on the gamer to navigate to the initial malicious website. the key to avoiding this whole unnecessary and potentially devastating series of events is being exceptionally discretionary when deciding which websites to visit and which to avoid. In short, if it looks too good to be true or feels the least bit “hinky” don’t tread there my friend. You don’t want someone hacking your computer.