Ubisoft’s “Uplay” DRM contains a rootkit, hundreds of thousands of PCs potentially vulnerable

This isn’t directly related to Sony, but I’m sure there are many PC gamers reading this blog so I’m assuming this will be useful.

A few hours ago, security researcher Tavis Ormandy revealed that Ubisoft’s DRM system Uplay installs a backdoor on your computer, as a plugin on your browser. Although the backdoor is probably unintentional, it basically allows anyone to run any binary installed on your computer, from any web server, extremely easily. As some users have pointed out on website Hacker News, it is easy to imagine a website forcing your computer into downloading some malicious code through the cmd/ftp commands, then get it to execute the malicious code using exactly the same vulnerability.

The issue is quite big, since the vulnerability was announced only a few hours ago and Ubisoft hadn’t been contacted previously. Therefore the vulnerability is now in the wild, and it might take several days for Ubisoft to take action, more than enough time for black hats to install whatever trojan then want to on victims’ computers. Moreover, it seems any game using the Ubiplay DRM on PC is affected, and several browsers are affected too (Internet explorer of course, but also Firefox and  potentially chrome).


among the impacted games are:

  • Assassin’s Creed II
  • Assassin’s Creed: Brotherhood
  • Assassin’s Creed: Project Legacy
  • Assassin’s Creed Revelations
  • Assassin’s Creed III
  • Beowulf: The Game
  • Brothers in Arms: Furious 4
  • Call of Juarez: The Cartel
  • Driver: San Francisco
  • Heroes of Might and Magic VI
  • Just Dance 3
  • Prince of Persia: The Forgotten Sands
  • Pure Football
  • R.U.S.E.
  • Shaun White Skateboarding
  • Silent Hunter 5: Battle of the Atlantic
  • The Settlers 7: Paths to a Kingdom
  • Tom Clancy’s H.A.W.X. 2
  • Tom Clancy’s Ghost Recon: Future Soldier
  • Tom Clancy’s Splinter Cell: Conviction
  • Your Shape: Fitness Evolved

If you have any of these games installed on your PC, your PC is vulnerable, and it is strongly recommended that you deactivate the Ubiplay plugin in all of your browsers (also, avoid warez sites and porn sites for a little while :D ).

In Firefox, open “about:addons” in the location bar, select “Plugins” on the left, then you can disable/remove as necessary.

Google chrome users: You can go to “about:plugins” and disable this and all other things that might expose you to extra security risks

So here’s a message for all of those who think DRMs are a necessary thing to “protect” the videogame industry: people who downloaded the pirated versions of these games probably don’t have the virus on their computers. Who’s a happy customer now?

Note: I haven’t tested the vulnerability myself, as I don’t own any Ubisoft game on PC.

By the way, the name Tavis Ormandy might ring a bell to some of you, he is a security researcher at Google, and one of the vulnerabilities he found a while ago in the tiff library led to the 2.80 TIFF exploit on the PSP (that was just after the Grand theft auto exploit, for those who remember).

source seclists.org via Hacker News

  1. Kevin’s avatar

    Wololo, you need a facepalm emote on this blog xD


  2. D’s avatar

    I wonder what other DRM has backdoors.


    1. Xian Nox’s avatar

      Try with every single one of them.


  3. garrei’s avatar

    fuck yeah… (meme)

    I pirated that shit


  4. UtterN’s avatar

    Thank you very much wololo for bringing these news, I’m very aware of my privacy and I like to protect it.


  5. jd20dog’s avatar

    good thing grandia 2 wasnt on the list lol


  6. james way’s avatar

    So From Dust is not attested? Yay. What about steam ubisoft games? They still run Uplay.


    1. jurian_assassin’s avatar

      I’d assume if it uses uplay, you are infected.


      1. svenn’s avatar

        infected ==> vulnerably


    2. Zaf9670’s avatar

      I haven’t opened AC2 but I do have it installed on my hard drive and I don’t see the plugin. It could just be the fact that I haven’t activated their DRM yet. No plug-ins here.


      1. Zaf9670’s avatar

        I bought it through steam btw. Left that bit out heh


  7. gary’s avatar

    aww cant visit porn sites for awhile… fuck


  8. Acid_Snake’s avatar

    This is a perfectly good time to say:



    1. Golden_Seraph’s avatar

      Ubuntu FTW :)


    2. svenn’s avatar

      If you mean by “rocks” you still play with rocks since it doesn’t have any decent games. Dual boot ftw, windows for games linux for work/need-be secure stuff :)

      Also you forgot the how-to with internet explorer here you go : http://support.microsoft.com/kb/957700


      1. Noel Abercrombie’s avatar

        I’m on a Debian box at the moment, and WINE supports damn near every windows game that I’ve thrown at it. Even stuff like Crysis runs more or less how it does on windows.

        Just saying.


  9. Linux user’s avatar

    Its the Uplay ‘plugin in your browser’ that has the problem not the OS
    last time I checked linux runs plugins in their browsers :D


  10. Zak’s avatar

    I know that this off topic buy how did you come up with the name wololo?


    1. wololo’s avatar

      Long story sort, it comes from the game Age of Empires


  11. Clicks’s avatar

    My first experience with obstructive drm was with bioshock, for some unknowable reason my connection just disagreed with the drm. At first I used a work-around patch, but the game crashed whenever I first entered Rapture after the little sub-capsule tour thingy. After a long call, reboots, safemode, and other fun things I got the game installed again for another go. Turns out the game just didn’t want to work with my gpu, an issue that was never resolved after the game’s PC team released a single patch for the buggy game and called it quits. Now THAT turned me off PC gaming for a good long while and drm for good (well that and my collector edition bioshock being destroyed in transit).


  12. auron’s avatar

    we need one of these security guys to hack the vita :P find more backdoors and exploits.


    1. FGG@TEA’s avatar

      hahaha yea already waiting too long want to play XD heheheh(sorry bad english)always playing PSP GO i get mad on bottons and size of PSP XD Cheer Up


      1. auron’s avatar

        yeah, guys who work as network security or something like that know the inns and out to that stuff, a guy told me anything’s possible with hacking we just need to look and its pretty obvious where we should look.


  13. ndh777’s avatar

    …another reason why I prefer consoles to PC lol I feel sorry for everyone with any of these games. This is a serious issue. Hopefully Ubisoft does something about it soon.


    1. svenn’s avatar

      Yeah, but i don’t see you do bank transactions using a console. So your argument is invalid. Every software has bugs, including console.


      1. fate6’s avatar

        yep you got it right but what do bank transactions have to do with games ?
        (BTW you are wrong since PS3(and soon Xbox) has a browser)


        1. jurian’s avatar

          ps2 had a browser as well if you bought the network adapter.


  14. Norml’s avatar

    Always a rootkit on all these DRMs, shisty companies, I don’t support their evil ways. The consumer should have the same easy(superior) access to the products they buy that pirates get for free. Why is this concept backwards?(Like the drug war, it’s obvious these tactics are a failure) Come on consumers, stop supporting these idiots, they DON’T care about you…DRM is for their protection only, it’s like a 4-5-6th party type of deal where the consumer goes through constant hurdles until the excitement and pleasure is ripped out of them…plug and play, remember? Nonsense.


  15. Bob’s avatar

    It’s a shame when you have to download a crack for games you already own….


    1. xSpectrum’s avatar

      *COUGH* Neverwinter Nights *COUGH*

      Damn Atari, my codes never worked. :@



Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>