'Battlefield' Game Bug Allows Hacker Hijack
Battlefield's free iteration is vulnerable to a security hack.
Given that over 11 years have passed since Windows XP was released, it's easy to forget that the system remains in wide use and open to attack. Gamers who enjoy using "Battlefield Play4Free" on Microsoft's older operating system may want to exercise caution, as a group of security experts recently discovered that the system is wide open to a malicious hijack.
The information comes by way of security research company ReVuln. Presenting at the Black Hat conference in Amsterdam, ReVuln displayed a novel method of infecting a Windows XP system. By taking advantage of the game's built-in updater, a hacker could force the game to open a harmful website upon the computer's next reboot.
This kind of hack is particularly insidious, as it would be impossible to detect until a user had already arrived at the infected site. "Battlefield Play4Free" is an online-only game, meaning that, in order to play, users must run the game's built-in updater upon loading the title.
Electronic Arts, the game's publisher, has not issued any fixes, since the issue is still only theoretical and the hack itself is fairly complicated. A hacker would have to program a very complicated file that would require unusual characters, a deep knowledge of the game's startup protocol and a convenient way to distribute a totally unnecessary file to "Battlefield" players.
While Windows XP is waning in popularity, ReVuln estimates that the OS still controls about 40 percent of the desktop market. "Battlefield Play4Free" hosts about a million users, which means that such a vulnerability could affect hundreds of thousands of people.
In addition, "Battlefield Play4Free" uses the older "Battlefield 2" engine instead of the more modern one that runs 2011's "Battlefield 3." EA made this design choice specifically to facilitate lightweight system requirements, meaning that the relative proportion of "Battlefield Play4Free" XP users could be even higher.
Between "Battlefield Play4Free" and the potential Origin hack (also presented at the Black Hat conference), EA could be in a precarious position if hackers ever decide to take advantage of these vulnerabilities. After the recent drubbing the company took following "SimCity" and its CEO's departure, the last thing the EA needs right now is another batch of negative press.