The Dangers of Anti-Cheat Software - ft Genshin Impact


Kernel Level anti-cheat is a rising practice in video games. Hundreds of games now employ the most powerful access to your computer in an effort to combat cheaters... but what if that effort was (in and of itself) a risk to your security?

Today I want to examine the idea that rather than protecting you, Anti-cheat in modern video games might actually be putting you at risk.

#videogames #hackers #anticheat
Comments

Let's remember that most of Genshin Impact content is singleplayer, so they are not protecting you from other players. They are protecting their right to exploit you for real money in case you don't want to deal with the grind.

Vondora

In Doom Eternal's case, the backlash was probably in large part because the kernel-level anti-cheat was added in a post-launch update, rather than being present right from launch.

And also because unlike the likes of Battlefield, Doom Eternal is primarily singleplayer rather than multiplayer. A kernel-level anti-cheat running at all times would be doubly unnecessary if you never engage with the multiplayer content anyway, which most players don't.

YayaFeiLong

Doom Eternal was so controversial because it came after the point of purchase, and was required even if they wanted to play single player.

thorerik

YOU CAN STILL BE INFECTED even if you've never installed those games.

Any ransomware that comes packaged with the exploited kernel anti-cheat can still infect your system. These kernel anti-cheats are signed as legit, so even if the source of installation is malicious software, there's a high chance it will evade security unless that specific ransomware is already flagged as malicious.

On the flip side, even if you have installed those games in question, it doesn't mean you are automatically more vulnerable than others who don't.

Bottom line is: practice safe web browsing habits, and BACK UP your sensitive/important data OFF SITE.

UjimasaShun

The first time I saw ring 0 anti-cheat I stated, "if you want to install that you better have a PC exclusively for gaming", and I will never retract those words.

pablolacerda

Another large issue is that these drivers, once signed by a company, can be loaded/run by the kernel without even installing the program they are originally associated with. Some people will "pack" these vulnerable drivers with their malicious programs and deploy them to the operating system when executed (usually only requiring administrator privileges) to gain even higher levels of permissions.

hpde

Nice to see anti-cheat being discussed again.

jibreelhughes

Kernel-level anticheat is about as useful as DRM. It costs a lot of money for the publishers to have some peace of mind while not preventing what it's supposed to prevent (cheating and piracy respectively), while being a huge nuisance to all honest customers. For some reason this trend of elevating access for what is basically corporate-mandated spyware refuses to die, even though everyone points out countless examples of how bad it is. It would take multi-billion dollar lawsuits (unlikely) or government intervention (less unlikely but still unlikely) to get rid of this crap.

abadenoughdude

As I've said many times to others: there is always someone out there far more tech savvy than any dev or cyber security creator, and these people do it for fun. They can't ever fully secure your system; that is up to you to do.

SuddenFool

The only reason they are now so interested in "cheaters" is because games these days are Pay2win.

Marinealver

They're basically a rootkit. Sony got sued for their anti-CDrip tech years ago. Amazing how this stuff has lasted as long as it has, especially when it causes dropped frames.

punk

I'd rather have unfair matches than a back door into my private files.

steakdriven

You know, a more skeptical person might think that the whole "create a problem and sell the solution that secretly makes things worse" isn't just happening in the video game "anti-cheat" space, but also other areas of our life, like politics and pharmacology. Sure am glad I'm not a skeptic.

justincoleman

“Genshin’s anti cheat is super hard, it has ring zero permissions on your kernel; that means it can read and write anywhere on your hard drive without segfaulting...” - Max0r

punipunipyo

You know that this affects everyone not just Genshin players since it’s a signed driver that is delivered with the malware.

scj

The thing that is infuriating about this is that even with this level of access, many games still have massive cheaters. Take Dead by Daylight for example. It uses Easy AntiCheat yet still suffers from tons of hackers and cheaters.

swiftfoxmark

This ring 0 access issue is not new. Now it is anti-cheat. 20 years ago it was DRM. This is exactly the same issue as with StarForce back then and it will lead to the same problems. One day, Microsoft will release a change in the kernel which will break compatibility and these games will stop working. This will be (one more) nightmare for game preservation.

sebastien

The uneasy reality about this is that you cannot detect Ring 0 hacks without Ring 0 access. Well-written software in Ring 0 is basically undetectable to Ring 1-3 software. In the future we are gonna see a lot more anti-cheat software that is very intrusive.

Schadowofmorning

The issue with the Mihoyo driver is more nuanced, in a way that I believe is important and that you didn't explain.

First off, no, non-administrative Windows users CANNOT install Genshin Impact. Windows will not allow an unprivileged user to install a driver, precisely because it would be considered privilege escalation if it did. You must be an administrator to install drivers on Windows for this reason. This is straight wrong in the video.

Second, the Mihoyo driver as reported by Trend Micro was being used by malicious actors to evade detection post-exploit, not as a vulnerable vector to exploit systems. Because you didn't make this clear, uninformed viewers may believe that the driver itself may be used to gain unauthorized access to their system, and this is not the case. A piece of malware must use some other vulnerability to gain access to the system, then after it has obtained administrative permissions, it itself installs the driver. You need not even have Genshin Impact installed in the first place, as the malware packages the driver with it.

So someone who plays Genshin Impact and has this driver installed is not vulnerable to attack just by having the game installed. If that is the case, why is all of this interesting, and why did Trend Micro write up an article about it? Well, it's because the driver is signed and widely installed, and therefore already trusted by most AV/AM/EDR software. Repurposing trusted code to do malware dirty work is an evasion technique meant to avoid detection of post-exploit activities, as it is much less likely to trip alarms or defenses.

Ultimately, this sort of thing is bad for everyone on the internet, not just Genshin players. And it really doesn't matter if you're a player or not. The best defense here is the standard self defense actions of don't click links from sketchy strangers, don't input credentials into lookalike fake websites, and don't download and run programs/executables from untrusted sources. The same stuff we've always been doing and some fail at.

Ashnal
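The detection angle in the comment above (a validly signed driver dropped by malware, where the signature itself is what lets it slip past AV) can be turned into a simple triage rule over driver-load telemetry. This is an added example, not the video's or any commenter's code; the Sysmon Event ID 6 field names are real, the three event records are constructed, and the blocklist hash and the signer name are placeholders.

```python
import re
from pathlib import PureWindowsPath
# Placeholder blocklist (SHA-256) of signed drivers known to be abused; a real
# deployment would populate this from vendor advisories or driver block rules.
KNOWN_ABUSED_SHA256 = {"0" * 63 + "1"}          # constructed placeholder value
SYSTEM_DRIVER_DIR = PureWindowsPath(r"C:\Windows\System32\drivers")

# Constructed Sysmon Event ID 6 ("Driver loaded") records, "Field: value" per line.
SAMPLE_EVENTS = [
    "ImageLoaded: C:\\Windows\\System32\\drivers\\ACPI.sys\n"
    "Hashes: SHA256=" + "a" * 64 + "\n"
    "Signed: true\nSignature: Microsoft Windows\nSignatureStatus: Valid",
    "ImageLoaded: C:\\Users\\Public\\Temp\\gameguard.sys\n"      # dropped by malware
    "Hashes: SHA256=" + "0" * 63 + "1\n"
    "Signed: true\nSignature: Example Game Studio Ltd\nSignatureStatus: Valid",
    "ImageLoaded: C:\\ProgramData\\x\\rk.sys\n"
    "Hashes: SHA256=" + "b" * 64 + "\n"
    "Signed: false\nSignature: \nSignatureStatus: Unavailable",
]

def parse_event(text):
    """Turn one record into a dict keyed by Sysmon field name, plus 'sha256'."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")   # first colon only: paths keep "C:"
        fields[key.strip()] = value.strip()
    m = re.search(r"SHA256=([0-9A-Fa-f]{64})", fields.get("Hashes", ""))
    fields["sha256"] = m.group(1).lower() if m else ""
    return fields

def triage(event):
    """Return the reasons this driver load deserves analyst attention (empty = none)."""
    reasons = []
    path = PureWindowsPath(event.get("ImageLoaded", ""))
    signed = event.get("Signed", "").lower() == "true"
    valid = event.get("SignatureStatus") == "Valid"
    if event["sha256"] in KNOWN_ABUSED_SHA256:
        reasons.append("hash matches known-abused signed driver")
    if signed and valid and path.parent != SYSTEM_DRIVER_DIR:
        # A valid signature is what lets a dropped driver load and evade AV, so the load path is the signal.
        reasons.append(f"validly signed driver loaded from unusual path {path.parent}")
    if not (signed and valid):
        reasons.append("driver is unsigned or its signature did not validate")
    return reasons

def triage_all(records):
    """Map each record's ImageLoaded path to its triage reasons."""
    parsed = [parse_event(r) for r in records]
    return [(e["ImageLoaded"], triage(e)) for e in parsed]
```

The second record is the BYOVD case: the hash check catches it only if the driver is already blocklisted, while the path check fires regardless.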

This reminds me of a particular ASUS driver from the Vista era. I don't recall its name, but it was a driver that enabled full access to anywhere in kernel memory from userspace via an API. ASUS system management software used it to poke at things like temperature sensors and fans, but someone discovered that ANY program could talk to the driver and manipulate ANY memory location in the system, meaning it 100% defeated the safety that protected mode in a CPU provides.

JodyBruchon