Origin security flaw could lead to PC hijacking

Fatal bug uncovered at security conference

A security flaw found in EA's Origin platform could allow attackers to hijack remote PCs.


The bug was demonstrated by security researchers ReVuln, at the Black Hat security conference in Amsterdam last week. In an accompanying paper entitled 'EA Origin Insecurity: When Local Bugs Go Remote.. Again', the company explains the exploit.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," the paper claims. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on a victim's system, which has Origin installed."

Spokespeople from ReVuln told Ars Technica that the bug involves no action on the part of the victim.

A spokeperson from EA told the site that "our team is constantly investigating hypotheticals like this one as we continually update our security infrastructure."