You can always reinstall later, right? I’d also urge you to check your list of installed programs in Windows, just in case an old install of the Uplay launcher/plugin is hanging around despite your having previously uninstalled any games that used it. It appears versions of some of these games are Uplay-free and thus in theory safe, but again it may be better to be paranoid than sorry.
Additionally, this software would appear to allow Ubisoft to monitor PCs running Uplay, but again let’s wait for more details before any hammers of judgement are wielded. Frightening – even if there is still something of a question mark over exactly what level of access a nasty soul could go on to achieve. After uninstalling Uplay, the exploit once again didn’t work.Ĭalculator’s hardly scary of course, but if someone could use the exploit to slip another program onto your PC or run command lines, anything could happen. After installing Uplay alone, immediately the test link did indeed work, calling up the Uplay window, and then with that, booting the Windows Calculator. We’ve tested with a PC that has never had Uplay installed on it. If you have any of these games on your PC, you can also see the apparent exploit harmlessly in action with the link here. If you have any of them on PC, I would urge you to uninstall them and any Uplay applications as soon possible as a precautionary measure. You can find the games which apparently include the exploit listed below. Alas, the vast majority of folk with said browser extension will have been hitherto unaware that Uplay had installed it. Settings – Preferences – Advanced – Downloads – Search “Uplay”, deleteĬontrary to what some parts of the web are currently screaming, this is not a rookit – it’s an exploit in a browser extension. Tools – Add-ons – Plugins – Disable the Uplay and Uplay PC Hub plugins
Here’s how to locate and disable the errant plugin: The fault does appear to specifically lie with a browser plugin Uplay installs rather than Uplay itself, so remove that from your Firefox/Chrome/IE/etc extensions as a priority, but I’m erring on the side of extreme caution and advocating the removal of anything associated with Uplay until this apparent threat is dealt with. There’s been no response as yet, and other sites are reporting similar silence.
I’ve contacted Ubisoft for comment and will update as and when we know more. That’s presuming it is what it appears to be, of course – this may turn out to be an exaggeration, especially as the internet does so love to mock Ubi’s notorious DRM, but so far the evidence very much points to this being as dangerous as it sounds. With news of this backdoor spreading like wildfire and proof of concept code already out there, there’s a very real chance that someone will try to achieve something unpleasant with it before Ubisoft can shut it down. All it would take is an exploited wordpress, say.”īut I come here not to sensationalise, but to warn.
Except it’d also install a program via UBISoft’s DRM plugin which wiped your hard drive. Says the expert we spoke to, “you could click on a weblink, thinking you were visiting the BBC News Website from a friendly list of bookmarks. The web security expert we pvssyd to says this could even occur via an email link, making this exploit a phisher’s dream if it’s as a bad as it sounds. Were someone with malevolent intent to inject the code onto a commonly-visited website, they might be able to gain control over any number of PCs – or install keyloggers, viruses and the like, or just plain old wipe your hard drive. See below for details on how to rid your PC of it.Įssentially, as described here, with the right piece of code any website can call up a Uplay window and from that might be able to slip a program install or launch of their choice onto your PC. Update: the flaw lies specifically in a browser plugin Uplay quietly installs, and the general consensus is now that’s all you need to remove to protect yourself. If Uplay is on your PC, I urge you to uninstall it and any games that use it immediately, until we know more. It isn’t confirmed as definite, but certainly proof of concept code is calling up Uplay windows and then loading other programs from websites that have nothing to do with Ubisoft. For now, the important thing is to warn folks who have certain Ubisoft games installed on their PCs that an apparent backdoor has been discovered in the Uplay infrastructure/DRM which may in theory allow any anyone so minded to install God knows what horrors on your PC.
We’re currently investigating the full extent of this, but moralising and recrimination can come later.