Playing online from Steam is not completely without risk, as Eyal Itkin, security researcher at Check Point has just shown. He analyzed the open source Valve Game Networking Sockets (GNS) library, which is used to create communications peer-to-peer during game sessions.
“This software is not only used by Valve, but also by many other gaming platforms because of the many features it offers. It is for this reason that we decided to inspect it ”, tells us Eyal Itkin.
He did well, as he found four rather dangerous flaws (CVE-2020-6016 to CVE-2020-6019), especially for users of third-party platforms. With these vulnerabilities, an attacker could have executed arbitrary code remotely on any terminal of a participant.
Depending on the execution privileges of the game, the hacker could control the application, capture the identifiers, read the messages or, outright, take control of the computer.
On Valve’s servers, however, the impact was less. The flaws allowed the game to crash, but not to hack users. The good news is that the bugs have already been fixed.
“Valve has been extremely responsive. The flaws were corrected within two days ”, tells us Eyal Itkin.
–
