Hacker says they banned ‘thousands’ of Call of Duty gamers by abusing anti-cheat flaw

Date:

Share post:


In October, video game giant Activision said it had fixed a bug in its anti-cheat system that affected “a small number of legitimate player accounts,” who were getting banned because of the bug. 

In reality, according to the hacker who found the bug and was exploiting it, they were able to ban “thousands upon thousands” of Call of Duty players, who they essentially framed as cheaters. The hacker, who goes by Vizor, spoke to TechCrunch about the exploit, and told their side of the story. 

“I could have done this for years and as long as I target random players and no one famous it would have gone without notice,” said Vizor, who added that it was “funny to abuse the exploit.”

TechCrunch was introduced to Vizor by a cheat developer called Zebleer, who is familiar with the Call of Duty hacking scene. Zebleer said he had been in touch with Vizor for months, and as such had knowledge of the exploit, which he said he saw Vizor using.

For years, hackers have targeted online video games to try to find flaws capable of installing and using cheats that give players an unfair advantage. Some cheat developers, such as Zebleer, sell their programs as a service, sometimes making millions of dollars. In response, video game companies have been hiring cybersecurity specialists to develop and fine-tune their anti-cheat systems to catch and ban game cheaters. In 2021, Activision released its Ricochet anti-cheat system, which runs at the kernel level in an attempt to make it even harder for cheat developers to get around it. 

Vizor said they were able to find a unique way to exploit Ricochet, and use it against the players it was supposed to protect. The hacker realized Ricochet was using a list of specific hardcoded strings of text as “signatures” to detect hackers. For example, Vizor said, one of the strings was the words “Trigger Bot,” which refers to a type of cheat that automatically triggers a cheater’s weapon when their crosshair is over a target. 

Vizor said they could simply send a private message — known as a “whisper” in the game — that included one of these hardcoded strings, such as “Trigger Bot,” and get the player they were messaging banned from the game. 

“I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives,” said Vizor, referring to how the game was effectively scanning for banned keywords, regardless of context. 

“The same day I found this, I got myself banned by sending a whisper message on Call of Duty to myself with one of the strings in the message contents,” said Vizor.


Contact Us

Do you develop or sell cheats? Or do you work on anti-cheat systems at a video game company? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.


Vizor said that at one point they developed a script — “join a game, post a message, leave the game, join a new game, repeat repeat repeat,” as Vizor put it — that would run automatically and ban random players, which allowed them to go on vacation and still ban players. Vizor said that over the months that they were doing this, Activision would add new signatures to its anti-cheat system, which they would find soon after and use to ban players. 

“I was most active with the trolling when [the] Ricochet anti-cheat team would add new string signatures. So if I check the [memory] region and see a new string, I will go crazy with it so they think they are detecting real cheaters,” said Vizor. 

Activision did not respond to a request for comment. 

A person who used to work at Activision, and still has knowledge of the work that the security and anti-cheat team do at the company, told TechCrunch that Ricochet was scanning for certain signatures and “that may have been weaponized against the anti-cheat,” essentially the technique Vizor was exploiting.

“If you know what signature the anti-cheat is looking for, I find a mechanism to get those bytes in your game process and you get banned,” said the person, who asked to remain anonymous. “I can’t believe [Activision] are banning people on a memory scan of ‘trigger bot.’ That is so incredibly stupid. And they should have been protecting the signatures. That’s amateur hour.”

Apart from random players, Vizor said they targeted some well-known players, too. In the period of time Vizor was using the exploit, some video game streamers posted on X that they had been banned, and then unbanned, once Activision fixed the bug.  

The company was alerted of the existence of the bug when Zebleer published details of the exploit on X. 

“It was nice to see it get fixed and see unbans,” said Vizor. “I had my fun.”



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

Sony’s CES 2025 press conference: How to watch

Sony knows how to put on a show at CES. The company’s pressers are high octane, star-studded...

Samsung’s CES 2025 press conference: How to watch

Samsung’s CES presser is always an odd duck. The Korean electronics giant generally keeps its powder dry...

Watch Boston Dynamics’ electric Atlas do a backflip

A little early holiday surprise from Boston Dynamics this week, as Santa suit-wearing electric Atlas performs a...

Shuttered electric air taxi startup Lilium may be saved after all

A consortium of investors has resurrected Lilium just days after the electric air taxi startup ceased operations...

These are the cybersecurity stories we were jealous of in 2024

Since 2018, along with colleagues first at VICE Motherboard, and now at TechCrunch, I have been publishing...

Proton’s device aims to help those with kidney disease, and cut heart failure risks

People with chronic kidney disease, or those at risk of heart failure, are greatly affected by potassium...

Halide’s next version will come with new film filters, HDR

Lux, which makes the iPhone camera app Halide, published a roadmap on Monday detailing the app’s next...

Hyundai is giving away free Tesla NACs adapters to its EV customers

Hyundai said Monday it will send customers who have bought or leased an EV before January 31...