Ubisoft ‘Uplay’ DRM Exposed as Rootkit, Poses Security Risk

‘Uplay’ installs a rootkit on Windows PC systems, allowing certain websites to gain full and unfettered access to affected computers.

Ubisoft Uplay

The ‘Uplay’ digital rights management (DRM) software that comes with almost every game published by Ubisoft on the PC has been exposed as a rootkit by whitehat hacker Tavis Ormandy. Tavis is an information security engineer at Google. 

The hacker published an exploit which allows anyone to take control of a Windows PC system with Uplay installed. The browser plugin that comes with Uplay is a security risk. Tavis writes:

“Your silly post reminded me of something, while on vacation recently I bought a video game called "Assassin's Creed Revelations". I didn't have much of a chance to play it, but it seems fun so far. However, I noticed the installation procedure creates a browser plugin for it's accompanying uplay launcher, which grants unexpectedly (at least to me) wide access to websites.”

In short, the Uplay software installs a rootkit on your system which allows any website with the appropriate code to take control of your computer.

Affected titles include:

Assassin's Creed II
Assassin's Creed: Brotherhood
Assassin's Creed: Project Legacy
Assassin's Creed Revelations
Assassin's Creed III (Tentative)
Beowulf: The Game
Brothers in Arms: Furious 4
Call of Juarez: The Cartel
Driver: San Francisco
From Dust
Heroes of Might and Magic VI
Just Dance 3
Prince of Persia: The Forgotten Sands
Pure Football
R.U.S.E.
Shaun White Skateboarding
Silent Hunter 5: Battle of the Atlantic
The Settlers 7: Paths to a Kingdom
Tom Clancy's H.A.W.X. 2
Tom Clancy's Ghost Recon: Future Soldier
Tom Clancy's Splinter Cell: Conviction
Your Shape: Fitness Evolved

Via Hacker News