this post was submitted on 01 May 2024
231 points (95.3% liked)
Gaming
2493 readers
328 users here now
The Lemmy.zip Gaming Community
For news, discussions and memes!
Community Rules
This community follows the Lemmy.zip Instance rules, with the inclusion of the following rule:
- No NSFW content
You can see Lemmy.zip's rules by going to our Code of Conduct.
What to Expect in Our Code of Conduct:
- Respectful Communication: We strive for positive, constructive dialogue and encourage all members to engage with one another in a courteous and understanding manner.
- Inclusivity: Embracing diversity is at the core of our community. We welcome members from all walks of life and expect interactions to be conducted without discrimination.
- Privacy: Your privacy is paramount. Please respect the privacy of others just as you expect yours to be treated. Personal information should never be shared without consent.
- Integrity: We believe in the integrity of speech and action. As such, honesty is expected, and deceptive practices are strictly prohibited.
- Collaboration: Whether you're here to learn, teach, or simply engage in discussion, collaboration is key. Support your fellow members and contribute positively to shared learning and growth.
If you enjoy reading legal stuff, you can check it all out at legal.lemmy.zip.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I'm not entirely clear, but it sounds like the hacked Apex games were on computers at different locations, which would make me think they were likely hacked remotely without physical access to the hardware. The hacker claimed he performed the hack by using a vulnerability in the game process, and that his hacking method only let him compromise the game and didn't give him any access to the people's PC itself. The developers said that it was EAC itself being exploited, but that the specific exploit shouldn't allow him access to owner's PC.
The combination of statements makes me think this was a remote hack that exploited vulnerabilities in EAC/Apex Legends. Thankfully there seeming wasn't an escalation to give full access to the PC, but considering the level of access that kernel anticheat has I would be very concerned about the possibility for any future hacks that compromise anticheat systems.
I might be ootl, but as far as we know, wasn't EAC ruled out? I recall watching Pirate Software's videos breaking everything down, and iirc, it was more likely that the individual computers were compromised at some point than it was remote code execution. Though it was still up in the air what the hacker could do, as they seemed to be able to send commands the server would accept (eg, gifting thousands of packs to steamers live on stream). Been a while since I watched, and the vids are also hours long so I don't expect anyone else to sit through it, but here's the first if anyone's interested. Apex Legends Vulnerabilities - Breakdown and Interview
I don't know exactly, I was just referencing what was said in the article I linked above, which has quotes and statements linked from both the hacker and some apex/eac teams.