Benji's profile picture

Published by

published
updated

Category: Games

View Blog View Profile Report Blog Entry

[PSA] Bewary of online games security wise.

! Keep in mind I ain't an expert on security in software and games. There are defiantly people who can better explain this than I can.


Recently, a video came up claiming an RCE exploit in Marvel Rivals. Although I ain't good enough to sift through and figure out if it's as severe as the claim, I did understand enough that I should talk about the issues with online game security in case someone who may find this doesn't know.

Here are a couple reasons to be careful with playing games online.

Games are made of sticks and hot glue.

Unlike most software which can be built in safe languages, games need a lot of iteration in design and have to run fast. This means a lot of games are gonna be built off of programming languages that require the programmers to make the memory management solutions. No matter how experienced the programmers may be, there will be mistakes made that can cause critical issues in stability, performance, and even security. Anything that can cause the memory to written in places it shouldn't could cause code to be ran when it shouldn't. 

Anti-cheat is even worse.

Many games use anti-cheat that has higher level control over your computer than you which create privacy and security concerns. Specifically running at kernel level which gives the program complete access to everything. Anything that exploits the anti-cheat can be undetectable or strait up brick your computer taking any sensitive info and sending it to a third party.

Peer-to-peer connects you to strangers.

This one was from the video, but it make sense logically. By connecting to another device directly, you are giving strangers the ability to send commands to your computer to run the game. Sure, if the security of you device is fine and the game doesn't have an exploit then it should be fine. However, connecting to a device is one step closer to hacking your device.

Running a server box with an open port is just waiting to be hacked.

If you decide to port forward, you are opening you device to the internet for anyone to connect to. It's the same problem as peer-to-peer, but now the game is open 24/7. As more people know about the open port, the more people will try to break in to the device and the network through it.

Is there anything that can fix these problems?

In the future these problems could be solved with safer languages like Rust, but we currently don't live in a future where it's the standard for games yet. Even then, it might still be possible for something to go wrong. Regarding anti-cheat, I'm not sure if it can ever get better considering there are ways around it anyway. The worst part is that these game are significant to many people and communities which means you might be dependent on playing them regardless of these problems.

So if I won't stop playing them, what can I do?

At the very least, don't run games online on your sensitive work devices! Ever! There is no excuse you can make when sensitive data is leaked because you wanted to play Marvel Rivals.

Another thing you could try is to play the game through game streaming services. I don't like this solution because I have my own qualms with streaming games, but as a solution I thought of just now, I don't think there is much better. This way, all that will exist on your console or computer is just streamed audio and video which I'm guessing won't have as much issue. I doubt the games actually have streaming options considering there are ways to cheat with game streaming anyway, but it could save you part of the trouble at the cost of stream delay.

If you have another system for gaming alone, play through that instead. Hacking a console or dedicated gaming device is still bad, but as long as you keep your private info off of it and your network devices aren't vulnerable, damage should be minimal.

Regards to peer-to-peer, only play with friends you trust. It won't matter as much if your game can be hacked if you only play with trusted devices. Now the steps to exploiting a game requires a device to be compromised unknowingly before hand and knowing to exploit a game. Many games like

Regards to server boxes, set up some network security and port security. There are probably a couple things you should do, but that would be out of my knowledge bounds to explain. They are probably things that dedicated game services already do, so match them where necessary.

Lastly...

talk to someone who knows more than me about this. I know I'm repeating, but I did no research to write this. This is all just stuff I remember. Experts can probably make online gaming seem much less scary and be able to explain all this and more while being much more accurate.

Sorry for making you read all this. Keep safe out there.


4 Kudos

Comments

Displaying 0 of 0 comments ( View all | Add Comment )