Capcom Accidentally Compromised PCs Belonging to Street Fighter V Players
Capcom recently had to backtrack swiftly after a blunder meant that its anti-cheat software for Street Fighter V operated in a manner very similar to a virus, giving complete system access to any installed program.
The issue was a driver that was installed as part of a recent update. The file, "capcom.sys", is a kernel-level driver which bypasses "Supervisor Mode Execution Protection", an Intel standard which stops rogue applications from performing high-level system tasks. With this protection in place, malware has a much harder time making the infected system dance to its tune. With the capcom.sys file in place, writers of malware have a much easier ride. Instead of finding a way to bypass this security step themselves, they just make a call to the driver (which, as a system driver, is accessible to all installed applications) and a back door with a vast amount of access is instantly opened.
We've seen issues like this before, most notably with the overly protective rootkit DRM that caused Sony BMG so much legal trouble over a decade ago, and this mistake from Capcom is very similar. It's worth noting, though, that this is specifically an anti-cheat mechanism and doesn't have anything to do with DRM.
The offending driver arrived in the September update to Capcom's flagship fighter and was designed to prevent users from hacking into the game to gain an advantage over online opponents or obtain in-game currency without purchasing it. Users on Reddit started to notice that something was amiss and, after some digging, the driver was discovered and the security hole that it opened was reported.
Capcom set to work right away on rectifying the issue and, at the time of writing, has announced that the file should now have been rolled back:
The rollback to the PC version of SFV prior to the security measure update is now live. The new September content is included.
— Street Fighter (@StreetFighter) September 24, 2016
So hats off to Capcom for a swift response to a rather embarrassing mistake. There have been no reports of any systems being compromised in the short time that the file was live, though we will report further if any are uncovered.