Recently, a freelancer named Federico Biancuzzi published a book with his co-author, Greg Hoglund, about exploiting online games’ vulnerabilities. The article is an interview with Federico. He talked about one of the vulnerabilities in MMORPG is the fact that the server stores states in the client machines to have these client machines do some of the computations. This allows adversaries to be able to hack within their own machines to gain various benefits. This is because virtual assets in games now days hold great values. Federico also mentioned various ways to improve the online game security. One of which was having the game architecture server-side focus.
The reason that Federico and Greg published this book is to increase the awareness of online game security to various stakeholders such as game companies, developers, and the clients who wish their virtual assets to be secure. In addition, according to Federico, the current methods of game architectures and controls are not secure enough due to the difficulty of running an online game efficiently with a huge number of clients.
A broader issue here would be how can gamers protect their assets. Online gaming is such a huge market, but with these vulnerabilities revealed, how would the gamers, developers, and game companies react since the vulnerabilities can affect the MMORPG industry negatively. For example, less gamer will play the game because they do not want to take the risk of having their virtual assets stolen. This will lead to decrease revenue for the game industry. Also, the author mentioned that not only game information can be modified, it is possible for adversaries to attack other machines to steal other informations that is not game related. This can cause a bigger problem of personal information from the clients can be stolen also.
I believe there are definitely possible reactions besides from the ones that the authors mentioned. First, an increase of awareness of the security issue with online games is needed for the potential victims. Then, for the game industry, they should start putting more emphases on protecting clients’ virtual assets because they are very valuable to the clients. Third, creating laws for online game security would make adversaries think twice before committing the attacks. Hopefully, with the book published, more gamers and game companies will be aware of the online game security situations and start finding ways to prevent these attacks.