A user gained control of a foreign computer through Dark Souls 3. The hack could also affect Elden Ring, fans are sounding the alarm.
Through a security vulnerability in Dark Souls 3, hackers can penetrate other people’s PCs and even destroy them completely. This is the result of concurring media reports from (The Verge) and Inven (Gglobal).
According to the report, during a transmission of the Dark Souls streamer (The Grim Sleeper), the game suddenly closed and the text-to-speech function of Microsoft Powershell was activated. An unknown person had then insulted the streamer with it, but no damage had occurred.
Table of Contents
What had happened?
The hacker apparently uses an RCE exploit (Remote Code Execution). With this, one can theoretically start any kind of programme on a foreign computer and thus gain complete control. In extreme cases, RCE can also be used to destroy computers.
Who is behind it?
The attack in the case of The Grim Sleeper was apparently not malicious: A message in the (SpeedSouls-Discord) shows that the attacker wanted to draw attention to the security vulnerability. Previously, his calls for help to the developer FromSoftware had been ignored.
What is RCE?
Through the exploit, a hacker can potentially launch any software over the Internet on another PC. (According to Kaspersky), it is one of the most dangerous IT vulnerabilities of all. Hackers could lock PCs, steal data such as passwords, run malware and much more.
In December 2021, the Log4Shell vulnerability became known – through it, services like Netflix or games like Minecraft became a potential danger.
How can I protect myself?
Gamers are urged to play all FromSoftware games offline only at this time. The RCE exploit only works when affected users play online, according to (Aaron Alford from Inven Global). The community-created anti-cheat project Blue Sentinel also got wind of the hack and is now working on an (unofficial fix) – together with the attacker on The Grim Sleeper.
☻
What does the manufacturer say?
According to Blue Sentinel, Elden Ring’s community manager has already been informed. A Bandai Namco employee wrote: “A report to this effect has been forwarded to the internal development team. We are very grateful for the information from the community.” There is no word yet on an official patch.
Update: The developers now announce on Twitter that they will temporarily shut down the PvP servers completely. They are working on an unspecified problem with the online services.
PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services.
Servers for Dark Souls: PtDE will join them shortly.We apologize for this inconvenience.
– Dark Souls (@DarkSoulsGame) January 23, 2022
Which games are affected?
According to Blue Sentinel, Dark Souls 1 and 2 as well as the remaster versions could be affected in addition to Dark Souls 3. Since the upcoming Elden Ring also runs on the same engine, the RCE vulnerability could also occur there, the collective warns. FromSoftware has not yet taken a position on this.