In total, CheckPoint researchers found 4 vulnerabilities all allowing attackers to harm Steam and those using 3rd party game server.
As of September 2020, Valve’s Steam had over 95 million active users with a peak of over 21 million concurrent users. This makes Steam a lucrative target for cybercriminals and any vulnerability can be disastrous for the online gaming platform and its users around the world.
Keeping that in mind; the IT security researchers at CheckPoint identified several critical vulnerabilities (CVE-2020-6016 through CVE-2020-6019) in Steam that would allow attackers to hack and take over hundreds of thousands of computers remotely.
The worst part is that attackers could do that without tricking users into clicking on a link or sending a phishing email to steal their Steam login credentials. Simply put the user would be affected by merely logging onto the game.
See: Watch Out Gamers: Hacked Steam Accounts Distributing Malware
Moreover, an attacker could not only remotely steal the personal data of the victim including login credentials they could also disrupt the Valve game server, crash the opponent’s game client, and execute arbitrary code against 3rd party game server.
In their research, CheckPoint’s Eyal Itkin wrote that:
We found several vulnerabilities in the implementation of the Game Networking Sockets (GNS) library, which enables a variety of possible attacks. For example, when playing against an online ..
Support the originator by clicking the read the rest link below.
