In October, video game giant Activision announced that it had fixed a bug in its anti-cheat system that affected "a small number of legitimate player accounts." However, according to the hacker who discovered and exploited the bug, thousands upon thousands of Call of Duty players were banned due to the exploit.
The Hacker’s Story
The hacker, known as Vizor, spoke with TechCrunch about their experience. Vizor revealed that they had been able to find a unique way to exploit Activision’s Ricochet anti-cheat system, which runs at the kernel level. The hacker explained that they realized Ricochet was using a list of specific hardcoded strings of text as "signatures" to detect hackers.
The Exploit
Vizor stated that they could simply send a private message (known as a whisper) in the game that included one of these hardcoded strings, such as "Trigger Bot," and get the player banned. The hacker noted that this was done regardless of context, leading to false positives.
"I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not," said Vizor. "This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives."
The Consequences
Vizor revealed that they were able to ban thousands of players using the exploit, including some well-known streamers who later reported being unbanned once Activision fixed the bug.
"It was nice to see it get fixed and see unbans," said Vizor. "I had my fun."
The Criticism
Apart from the hacker’s admission, an anonymous source within Activision also criticized the company’s handling of the exploit. The source stated that banning players based on a memory scan for specific bytes was "incredibly stupid" and should have been prevented.
"I find a mechanism to get those bytes in your game process and you get banned," said the source. "I can’t believe they’re banning people on a memory scan of ‘trigger bot.’ That is so incredibly stupid. And they should have been protecting the signatures. That’s amateur hour."
The Fallout
The incident has raised questions about the effectiveness and security of Activision’s anti-cheat system. It also highlights the risks associated with relying solely on machine learning-based solutions to detect cheating.
As the gaming industry continues to evolve, it is essential that companies like Activision prioritize the development of robust and secure anti-cheat systems that protect both players and the integrity of the game.
The Future
Vizor’s admission has sparked a debate within the gaming community about the ethics of exploiting vulnerabilities in anti-cheat systems. While some may view Vizor’s actions as harmless, others see it as a form of cheating that undermines the competitive spirit of online gaming.
Regardless of one’s perspective, the incident serves as a reminder of the complexities involved in developing effective anti-cheat systems and the need for constant vigilance to prevent future exploits.
Related Stories
- Activision’s Anti-Cheat System Under Fire: A Hacker’s Tale
- The Rise of Cheating in Online Gaming: Causes and Consequences
- Developing Effective Anti-Cheat Systems: Challenges and Opportunities
Stay Up-to-Date with the Latest News and Insights from TechCrunch
Sign up for our daily newsletter to stay informed about the latest developments in the world of technology, business, and culture. Follow us on social media to engage with our community and join the conversation.
Contact Us
If you have any questions or comments about this article, please don’t hesitate to reach out to us at info@techcrunch.com. We value your feedback and look forward to hearing from you.
