Developer Claims Ubisoft UPlay DRM Is A Rootkit Just Like Sony's BMG DRM

ubisoft-logo

Ubisoft is not one of the better loved game distribution shops out there. Even going back to the Windows XP days they were unpopular with their very oppressive DRM that users were forced to deal with. I can vividly remember the days of not being able to play certain games because of installing a service pack, or using a 64-bit OS. Ubisoft’s refusal to do anything about these issues pushed many legal game owners to resort to cracked executables just to play the games they had paid for.

As we have said many times the use of DRM (Digital Right Management) while meant to help prevent piracy and blatant game copying usually only hurts the people that buy the games. As we saw firsthand with the issues surrounding the choices of DRM used on Ubisoft’s games people that bought the game could not play it, but people that downloaded it could without issue. Now to someone that paid $50 for a game it is VERY frustrating and can push them to download their first illegal copy of a game. If you need any additional proof of this just look at what happened with Spore. Due to EA’s restrictions it became one of the most downloaded games of its time. Obviously this did not help EA or the consumer.

Now Ubisoft’s DRM is posing an even bigger threat to the consumer as we have found out that their UPlay DRM leaves systems open to arbitrary code insertion.  The root issue appears to be with two browser plug-ins (UPlay and UPlay PC Hub). When these two plug-ins are enabled simply browsing to a site running the right Javascript can install any code that the developer wants. Now, we are not sure if Ubisoft left this open by accident or it was an intentional “feature” that was intended to allow them to install updates by simply browsing to a page or something similar, but it a very bad thing to leave in your final code.

Developer Travis Ormandy showed off this exploit and calls the problem a Root kit likening it to the Sony BMG rootkit that caused massive product recalls because of how it affected people’s systems. There is no mistaking the issue and it is one that certainly puts Ubisoft’s already tarnished reputation even more at risk. The list of games that this Rootkit exists in is pretty long and includes most of the Assassin’s Creed family including the new ACIII game.

Ubisoft has not commented on the issue except to say they are looking into to it. This is pretty much what Sony said at first with the BMG Rootkit. We wonder how long it will take before Ubisoft admits this problem and fixes it. We also wonder how many “pirates” their actions have just created.

Discuss this in our Forum

No comments

Leave your comment

In reply to Some User