Security Firm Report Reveals Steam Loopholes

The thought that there may be a Steam vulnerability is probably panic-inducing to many PC gamers, especially those who've saved their credit card information to their account.

Not to worry, your credit card information is safe.

According to a report by security firm ReVuln, Steam browser URLs, usually used to install and run games, can be exploited to launch unwanted programs. Safari users are particularly in danger of this happening, as the browser doesn't ask for user permission before programs are launched.

The report then delineates ways to exploit Steam via the Source and Unreal engines. For instance, games like APB Reloaded, because they use anti-cheat programs such as PunkBuster, require administrator access. If users give administrative access to APB Reloaded, exploiters can be granted access to the entire system.

The report then concludes with some temporary workarounds to prevent the exploit. Hopefully, Valve is hard at work with a solution.

 

Contact Us for News Tips, Corrections and Feedback

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
21 comments
    Your comment
    Top Comments
  • nebun
    what happened with Safari being a part of the the most secure OS in the world....FAIL
    24
  • Kami3k
    Wait, this seems to have nothing to do with Steam but the games that are on Steam.
    12
  • Other Comments
  • nebun
    what happened with Safari being a part of the the most secure OS in the world....FAIL
    24
  • echondo
    Quote:
    For instance, games like APB Reloaded, because they use anti-cheat programs such as PunkBuster, require administrator access. If users give administrative access to APB Reloaded, exploiters can be granted access to the entire system.


    No, you're giving administrator access to PunkBuster, not APB.

    Also, people who are smart and know how to secure their passwords have at least a 10 character password for their Steam account with Steam Guard enabled AND have it linked to their Gmail with a DIFFERENT 10 character password and Gmail has their phone number for the access code when the Gmail account is trying to be accessed on a different computer.

    Also, most of us even go through another setup where we put a backup email linked to our Gmail one with a 3rd 10 character password if we need to get out primary Gmail account back.

    If you don't have it setup this way and are not using the Steam Wallet codes, then you're just asking for trouble.
    -10
  • Kami3k
    Wait, this seems to have nothing to do with Steam but the games that are on Steam.
    12