Cybersecurity experts have discovered that a simple Steam invite allows an attacker to take remote control of a player’s computer. The publisher of the Source 3D rendering engine has been contacted, but the flaw is still not fixed. Moreover, a computer that has been attacked could be used to infect other machines.
An alert that is far from new!
As Vice News explained in an article from April 14, 2021, the security flaw particularly concerns the online games Team Fortress 2 and Counter-Strike: Global Offensive. Volunteer members of the Secret Club cybersecurity group discovered the flaw and alerted Valve, the publisher of Source, a powerful 3D rendering engine. However, the alert was raised… two years ago! The publisher has still not corrected the flaw, at least not completely.
In fact, a simple Steam invitation makes it possible to exploit the flaw with disconcerting ease. Once accepted, the invitation allows the attacker to execute code remotely and gain access to the player’s machine. After this manipulation, the hacker has full control over the victim’s system. They can then steal crucial information such as bank details, passwords, etc.
Many players exposed to this flaw
Florian, one of the experts at Secret Club, gave a quick demonstration to prove the presence of the flaw in the game Counter-Strike: Global Offensive (see video at the end of the article). He explained in particular that if a hacker had the idea of creating a server and sending out invitations in bulk, all players who connect to said server could suffer the consequences.
“We can’t say in how many games this attack worked and if (or when) things were or will be fixed. We have alerted that this attack can affect the Source engine for each game”, said Florian.
The flaw does seem to have been fixed in some games, but is still very much present in others. Also, if the hacker infects a computer, they can easily infect the victim’s friends, and so on. The expert compared this attack to a worm, whose damage can grow exponentially. Finally, although Valve considers this security flaw to be critical, the publisher has not yet released a patch, which raises questions.
Here is the hacking demonstration by Florian of Secret Club: