Many of the most popular games out today are those that include, and heavily rely on, a multiplayer aspect.
But this isn’t the only way players and developers interact with one another after the game has been released. Since the early days of PC gaming, a lot of gamers enjoy customizing game options and play styles by writing their own code and modifying as they see fit, then releasing these mods to the general public. As more and more of our lives have moved into an online environment and are becoming “official” as major companies create their own mods and downloadable content, security is more of a concern than ever before.
Security Risks
The user actually tends to be the largest security risk in a computer environment, so during development, DLC companies have to keep what a program can access and modify to a minimum. This is also why computers in an office environment need secondary authentication for certain tasks, the deeper a user is allowed to go in the system, the larger the security threat and potential damage.
Two-factor authentication is another way to keep a connection very secure, as your password is broken into two parts: the first part is what the user enters, the second uses a program to send a temporary second password to the user. When these are combined within a specified period of time the user can log in. This has the advantage of someone without the second password not being able to gain access even if they have the user’s first half.
The more users you add to a program, the higher the likelihood that an exploit can be found just by virtue of more eyes and minds thinking over potential problems. This is why, oftentimes, major releases in software go through a beta stage, where access is distributed to larger and larger groups of users to find problems before the official release. Early access to games has become increasingly popular but security is still one of the aspects developers look out for.
Games with high expectations, like the upcoming Battlefield Hardline, are prime targets due to the high volume of gamers playing the beta version and media coverage surrounding its release. Media attention seemed to be the driving force behind hacker group Lizard Squad’s PS4 Network takedown over Christmas.
Solutions
Even though the password hack is the kind most people would be familiar with, threats don’t always come from the user side of the system. Problems can arise from bugs in the code, switching of information between sources or code that allows access beyond its original intent. Developers have a responsibility to keep up-to-date on the latest security threats and how best to handle them. Companies like Microsoft are so experienced in dealing with security threats that they provide PC game developers with resources and literature on security threats as well as how to write code with a heavy focus on security.
Microsoft also includes certain coding language for developers to add these commands to their code that will identify threats and stop them before they get too far. Data execution prevention (DEP) is a way to add a command in the code that will forcibly stop the program from continuing if it starts to try to access sensitive information. This keeps programs on the correct pathways and stops malicious code before it can get very far.
The PREfast tool allows programmers to quickly find bugs that would otherwise be missed by compilers, programs that change one coding language to another, these bugs cause performance issues and also leave an opening for security threats to originate.
Authenitcode Signing is a way to make sure the information sent between your computer and the game servers is not altered in transit. If there is an unauthorized change detected, the program stops responding to servers in order to shut down access between the two computers.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.