Researchers at Check Point Software Technologies have reported the identification of up to four vulnerabilities in Steam that an attacker could have e
Researchers at Check Point Software Technologies have reported the identification of up to four vulnerabilities in Steam that an attacker could have exploited to remotely block games and take control of players' computers as well as video game servers. The company shared its findings with Valve last September and three weeks later the first security patches began to be distributed in the form of updates among the games available on the platform.
As detailed by Check Point Software Technologies, the vulnerabilities were detected in Steam Sockets, a plugin which is part of the multiplayer toolkit that Valve offers to developers. The security flaw present in third-party titles allowed an attacker to completely take control of a video game's servers. "This same error could also have been used to hijack the computers of all the players connected to the same server," indicates the security company.
This last scenario could not occur in the games developed by Valve (Counter-Strike, Dota 2), which however were still vulnerable to security flaws that were found on both Steam servers and clients, since They are installed on users' computers. These errors allowed an attacker to block a game remotely and, in some cases, take control of the player's computer.
"To exploit this vulnerability, the cybercriminal only has to connect to the server of the video game he wants to attack," explains Check Point Software Technologies. “After this, it can act according to its will and unleash the attack by sending malicious payloads to the desired player or video game, without requiring any type of interaction. From this point on, the attacker could exploit this vulnerability in all users of a title, since both the players and the game are vulnerable ”.
Check Point Software Technologies ensures that the vulnerability found in Steam "is one of the largest" that its team of researchers has identified in the video game industry in recent years. The company recalls that in the past it has also found security flaws in Fortnite and the Electronic Arts platform.

