Online Game Security

By felixctc at 4:11 am on January 20, 2008 | 9 Comments

http://www.securityfocus.com/columnists/461/1

Recently, a freelancer named Federico Biancuzzi published a book with his co-author, Greg Hoglund, about exploiting vulnerabilities in online games. The article is an interview with Federico. He said that one of the vulnerabilities in MMORPGs is that the server stores state on the client machines so that those machines can do some of the computation. This allows adversaries to tamper with that state on their own machines to gain various benefits. The incentive is there because virtual assets in games nowadays hold great value. Federico also mentioned various ways to improve online game security, one of which was making the game architecture server-side focused.

The reason Federico and Greg published this book is to raise awareness of online game security among stakeholders such as game companies, developers, and the clients who want their virtual assets to be secure. In addition, according to Federico, current game architectures and controls are not secure enough because of the difficulty of running an online game efficiently with a huge number of clients.

A broader issue here is how gamers can protect their assets. Online gaming is such a huge market, but with these vulnerabilities revealed, how will gamers, developers, and game companies react, since the vulnerabilities can affect the MMORPG industry negatively? For example, fewer gamers will play the game because they do not want to take the risk of having their virtual assets stolen. This will lead to decreased revenue for the game industry. Also, the author mentioned that not only can game information be modified, but adversaries can also attack other machines to steal information that is not game related. This causes a bigger problem: clients’ personal information can be stolen as well.

I believe there are definitely possible reactions besides the ones that the authors mentioned. First, potential victims need increased awareness of the security issues with online games. Then, the game industry should start putting more emphasis on protecting clients’ virtual assets because they are very valuable to the clients. Third, creating laws for online game security would make adversaries think twice before committing the attacks. Hopefully, with the book published, more gamers and game companies will be aware of the online game security situation and start finding ways to prevent these attacks.
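
To make the server-side point from the interview concrete, here is an added example (not from the interview, the book, or this post) that puts a handler trusting client-computed state beside one that keeps the state on the server. The price table, the Player class and the handler names are all hypothetical.

```python
# Added illustration; PRICES, Player and both handlers are hypothetical names.
from dataclasses import dataclass, field

PRICES = {"sword": 150, "potion": 20}  # server-owned price table (constructed)


@dataclass
class Player:
    gold: int
    inventory: list = field(default_factory=list)


def buy_trusting_client(player, msg):
    """Client-side-state design: the client did the arithmetic and reports
    the resulting balance, so a modified client can report any number."""
    player.gold = msg["gold_after"]
    player.inventory.append(msg["item"])
    return True


def buy_server_authoritative(player, msg):
    """Server-side design: only the intent (which item) is read from the
    message. Price, funds check and new balance come from server state."""
    item = msg.get("item")
    price = PRICES.get(item)
    if price is None or player.gold < price:
        return False  # unknown item or insufficient funds: reject
    player.gold -= price
    player.inventory.append(item)
    return True


def demo():
    # Constructed message from a tampered client that inflates its balance.
    forged = {"item": "sword", "gold_after": 999_999}
    trusting, authoritative = Player(gold=100), Player(gold=100)
    buy_trusting_client(trusting, forged)
    accepted = buy_server_authoritative(authoritative, forged)
    return trusting.gold, authoritative.gold, accepted, authoritative.inventory


if __name__ == "__main__":
    print(demo())
```

The second handler ignores every client-supplied number, which is the cost the interview alludes to: the server now does the computation for every player.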

Filed under: Current Events

9 Comments

  • 1
    Comment by tip

    January 20, 2008 @ 9:22 am

    There is a little mistake in this post:

    the book entitled “Exploiting Online Games” has been written by security researchers Greg Hoglund and Gary McGraw.

    Federico Biancuzzi is the columnist who interviewed one of the authors. So the URL ( http://www.securityfocus.com/columnists/461/1 ) links to an interview with questions by Biancuzzi and answers by Gary McGraw 🙂

  • 2
    Comment by felixctc

    January 20, 2008 @ 1:27 pm

    Ohh. I see. My sincere apologies.

  • 3
    Comment by bcbell

    January 20, 2008 @ 9:16 pm

    Since virtual property is becoming an asset in the real world, it will become more important to protect it. However, the problem is that internet law is hard to enforce internationally and, as we are learning, anything on a user’s machine is very vulnerable to attacks by that user. I think a partial solution may involve server-side detection of anomalies (sudden gain of a bunch of gold, etc.), but that definitely isn’t going to be perfect.

  • 4
    Comment by joyleung

    January 20, 2008 @ 11:13 pm

    On top of the concern for gamers having their assets stolen from other gamers, there is the security concern of gamers stealing virtual assets directly from the game. Games like Maple Story and Gunbound make a profit by selling virtual items that can be purchased with cash. Potentially, cheaters can fuddle with the state on their computers to gain such items for themselves without paying. This has a more direct effect on the profit of a game company and also inhibits other legitimate players from playing because of the unfair advantage cheating players have in the game.

  • 5
    Comment by mgklous

    January 21, 2008 @ 4:50 pm

    Another thing to consider is how online games administer and enforce rules. From my experience, when a player breaks a rule that isn’t a federal crime, the worst that can happen is that the player’s account (and possibly IP) is banned. Consider adversaries who are exploiting the game and are manipulating virtual assets. This isn’t really a crime, so what can the administrators of the game do to stop the adversary? Banning the player may suffice if the adversary’s power stems from an accumulation of assets, but there’s nothing to stop the player from creating a new account and starting over again.

  • 6
    Comment by Kris Plunkett

    January 21, 2008 @ 10:05 pm

    I feel that this topic is very interesting because it has a serious economical side to it. It is amazing to me, yet true nonetheless, that some gamers would pay a considerable amount of money to gain an advantage in the games they play. I’ve heard of some MMORPGs allowing gamers to actually purchase in-game currency (Everquest, I believe?), and it is apparently well known that some gamers will pay others to play their characters for them in order to level them up. Where there is a demand, people will come in to fill the niche. These are the people who hack into systems, steal players’ virtual in-game assets, and sell them for a real-life profit. I would theorize that there are more such people than those who cheat for the purpose of gaining advantages in the game rather than for money. In conclusion, I’d like to offer the idea that it is precisely because of this growing monetary market for cheating that creating and properly enforcing laws preventing cheating in online games will become necessary.

  • 7
    Pingback by UW Computer Security Research and Course Blog » Call For Papers: Online Game Security

    August 16, 2008 @ 3:00 pm

    […] Papers are due September 5th. We’ve talked about security and privacy for online games on this blog already. If you have any neat ideas for an article, I’m sure Gary and Ming would love to […]

  • 8
    Comment by fikret yilmaz

    October 1, 2008 @ 9:09 pm

    How could I protect my ID and pw while playing an online game?

  • 9
    Comment by renuGames.com

    December 15, 2008 @ 4:29 am

    I used to play online casino games, especially online roulette systems. I’m on their newsletter and every once in a while I get an email from them promoting some new game. They now offer some bonuses of up to $200 if you sign up and bet at least $100.

    I think it’s a waste of time. You really can’t win. You can’t beat the house no matter what.

    just my 2 cents…
