EA Origin Exploit Lets Hackers Control Your PC
ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.
"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin [Uniform Resource Identifiers] handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma say in their paper detailing the exploit they demonstrated. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."
Essentially, what usually happens when you boot a game through Origin is that it connects to a web link to launch the game. All the hacker has to do to exploit this system is change the URL which Origin attempts to open when you boot a game. If that URL were changed to a site storing malware clicking on a Battlefield 3 server in EA’s Battlelog could inadvertently install malicious software on your computer.