Report: Security Hole Found in Ubisoft’s DRM Scheme

Update: The BBC is reporting that Ubisoft has rushed to patch the exploit unearthed by a Google engineer in its Uplay DRM. The company also issued instructions for Uplay users:

"We recommend that all Uplay users update their Uplay PC application without a Web browser open," Ubisoft said. "This will allow the plug-in to update correctly. An updated version of the Uplay PC installer with the patch also is available from"

Original Story: Ubisoft finds itself in the midst of another controversy over its DRM scheme this morning. According to, a security hole has been found by a Google Security engineer in Ubisoft's Uplay digital rights management (DRM) software. Discussing what could be a possible rootkit in the DRM, Google security engineer Tavis Ormandy told Seclists about some unexpected behavior in Uplay after installing a copy of Assassin's Creed Revelations on his PC.

"I don't know if it's by design, but I thought I'd mention it here in case someone else wants to look into it," says Ormandy.

Commenters over at Hacker News have also published a "proof of concept URL" that allows someone to exploit a vulnerability in a browser plugin installed by Uplay. They were able to use this launch the Windows calculator.

"Ubisoft installs a backdoor that allows any website to take over your computer," says one commenter.

Ubisoft hasn't publicly commented on the story yet. The Uplay DRM scheme is supposed to stop piracy, but that doesn't explain why it includes a rootkit in the mix. We'll have more on this story as it develops.

Source: Polygon

Tweet about this on TwitterShare on FacebookShare on Google+Share on RedditEmail this to someone


  1. 0
    Technogeek says:

    It wouldn't need to have such a list. The plugin could receive a command along the lines of "launch Assassin's Creed II", upon which it could check the registry to see if a Uplay enabled game with that title was installed, and if so in what folder. Yes, if something malicious was able to edit the registry that could be problematic, but if you already have the capacity to do something like that odds are you've reached the "execute arbitrary code" stage without involving Uplay to begin with.

  2. 0
    MechaCrash says:

    I think the problem isn't "it can arbitrarily launch any program," since I doubt the Uplay nonsense has a list of executables that are part of its library. The issue is "there's no way to make sure that an Ubisoft website is doing this," and those other websites would obviously not be launching harmless programs.

  3. 0
    Technogeek says:

    As I understand, the problem isn't really with any of the DRM functionality (or even a rootkit) so much as it is with sloppy coding in the Uplay browser plugin — it's presumably supposed to allow you to launch a game from the website (I don't know for certain since I don't have any Upay-enabled PC games installed), but it can instead launch any program you tell it to.

    It has been reported that the security hole is now fixed, so you'll probably want to grab the updater off if you're affected.

Leave a Reply