Steam vulnerability exposes gamers to hacking
The Steam affair has been known for quite a while now – at the beginning of the year, white hat hacker Vasily Kravets discovered that the major gaming platform with millions of users suffered from an extreme security vulnerability. Kravets discovered that cybercriminals can abuse Steam to run malicious code with administrative rights on Windows machines. As he said, the vulnerability was easy to find and even easier to exploit.
It is mentioned that Kravets found the vulnerability while he was playing with Steam Client Service, which is a component of Steam’s Windows version. The security descriptors on the registry subkeys that Steam enumerated allowed users to control those keys whether or not they had administrative rights. An attacker without administrative rights can therefore run arbitrary files. Furthermore, this does not trigger a User Account Control (UAC) prompt, which lets you choose whether or not apps will be allowed to make changes to your computer – the code simply runs as Local System.
To put it so that everybody can understand – the vulnerability gives a non-admin user the opportunity to run files with administrative privileges. It means the worst possible scenario – they can install all sorts of malware, including ransomware, banking trojans or password stealers. Even a user who has the latest Windows 10 with all the security updates installed can be attacked. Bear in mind that since Windows is the system of choice for most gamers, more than 90 million monthly active users are affected.
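As an added example (not part of the original article and not Valve's or Kravets's code), the following PowerShell audit lists registry subkeys under a service's key whose ACLs let ordinary users modify them, the kind of permission problem described above. The key path `HKLM:\SOFTWARE\ExampleVendor\ExampleService` is a placeholder, and the chosen SIDs and rights are an assumption about what counts as low-privileged write access.

```powershell
# Added example (not from the article). Audits every subkey under a service's
# registry key for ACL entries that let non-admin users modify or re-own the key.
param(
    # Placeholder path (assumption): substitute the key your service actually uses.
    [string]$RootKey = 'HKLM:\SOFTWARE\ExampleVendor\ExampleService'
)

# Well-known SIDs that include ordinary, non-admin users.
$lowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that change a key's contents, ACL or owner, or allow creating a link.
$writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, CreateLink, Delete, ChangePermissions, TakeOwnership'
# Raw GENERIC_ALL / GENERIC_WRITE bits sometimes appear unmapped in registry ACEs.
$genericMask = 0x10000000 -bor 0x40000000

$sidType = [System.Security.Principal.SecurityIdentifier]
$keys = @(Get-Item -LiteralPath $RootKey -ErrorAction Stop) +
        @(Get-ChildItem -LiteralPath $RootKey -Recurse -ErrorAction SilentlyContinue)

$findings = foreach ($key in $keys) {
    try { $acl = Get-Acl -LiteralPath $key.PSPath -ErrorAction Stop }
    catch { continue }   # key not readable by the auditing account; skip it

    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if (-not $lowPrivSids.ContainsKey($sid)) { continue }

        $rights = [int]$rule.RegistryRights
        if (($rights -band $writeMask) -or ($rights -band $genericMask)) {
            [pscustomobject]@{
                Key       = $key.Name
                Principal = $lowPrivSids[$sid]
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

$findings | Sort-Object Key, Principal | Format-Table -AutoSize -Wrap
```

Any row in the output is a key under a privileged service's configuration that a standard user can rewrite; an empty result means no such entries were found for the listed principals.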
Kravets acted very righteously – after the discovery, he used Steam’s bug bounty program to try and disclose the vulnerability and to help with the fix. However, since the developer of the world’s most popular game has not processed the report further, the bug is still not fixed in Steam’s official Windows client. Even though the security researcher reported the vulnerability to the parent company Valve Corporation, Valve did not mark the vulnerability as “dangerous”.
The vulnerability was rejected as ‘an attack depending on the ability to place files in arbitrary locations on the user’s file system, so it is beyond the scope of the vulnerability reporting program’.
Kravets said: “This is a sign of the little interest that big tech companies have for the safety of their users. They don’t care about fixing their flaws; companies don’t do anything until they are forced to do it.”
However, this is not the first time that Valve has had problems with this issue. Thanks to a benevolent hacker known by the name Zemnmez, one more bug was discovered. The hacker was rewarded for his discovery, and the bug was posted on the website for everybody to see. The worst-case scenario was that an attacker could have placed a malicious link in a public game group so that many people could easily click on it. Control over their PCs could have been taken, and personal data and even credit card numbers stolen. In one of the worst-case scenarios, the attacker could have made the computer unusable with ransomware.
The so-called bug lay in the Steam Chat feature. The attack used flaws in the Steam Chat client’s protections around this content to access normally restricted functionality and to open files on the user’s computer.
Valve has taken positive steps to encourage hackers to disclose vulnerabilities, but Steam remains a prime target for cybercriminals. There are still a lot of users on Steam who make a living off stealing others’ accounts and liquidating the assets associated with them.
Gamers are not at any more risk of being in the crosshairs of an attacker than any other group. As one hacker noted: “Any software with vulnerabilities is interesting for attackers. Gaming platforms with a large userbase are no different and might well be targeted by attackers.”
When it comes to mitigation, the critical thing to remember is that an attacker needs access to the target PC to begin with. The advice is the simplest one: stop this from happening. Don’t install cracked software, do not use the same passwords for multiple sites and services, employ two-factor authentication wherever possible, apply operating system patches and do not click links in unsolicited emails.
A lot of gamers disable User Account Control (UAC) because they want to run in admin mode; this is not advisable. This function helps mitigate malware because it requires a system admin password if an ordinary user tries to do something that only an admin should be able to do.
The greatest news, however, is that Valve has updated the Steam Client Beta, which has fixed the privilege escalation exploit using symbolic links in the Windows registry. The HackerOne protocol is also being reviewed, and some updates could be made to that as well.
Source: SecurityNewspaper, Forbes