Just like any other software application video games are a collection of code and they can be vulnerable to exploitation like any other piece of software. Over three-quarters of applications (75.8%) have at least one security flaw, 24.7% have a severe security flaw and about 60% of applications have at least one vulnerability found on the OWASP top 10 vulnerabilities. Here are some examples of security flaws found in video game code:
Poor input Validation
Many video games take input from users and if this input isn’t properly filtered or validated then it will be prone to injection-based attacks like XSS, SQL injection, etc. Text can be inputted in a video game through the login menu, conversations with NPCs, game forums, etc. It’s estimated that more than 60% of web applications are susceptible to XSS attacks and they account for more than 30% of all web application attacks.
Too many admin privileges
Many online games have online admins that have elevated levels of access and privilege that should be used to moderate the video game. However, if the admin accounts are given too much access this can be abused and cause problems in the video game. For example, A moderate on RuneScape, a popular MMORPG was able to use his admin privileges to steal 45 billion in-game coins with a real-world value of $100,000 from players on the game. This shows the importance of sticking to the concept of least privilege when assigning access to video games.
Controlled Forced Teleports
This is a coding flaw that allows people to teleport anywhere they want on a map. Imagine a game like Call of duty or a racing game like Nascar where players can teleport to any point on the map that they want. This type of exploit is so popular that there are books on the dark web on how to perform this type of exploit.
Speed Hacking
This refers to changing the speed of a player in a video game and it is very popular in competitive gaming. Being able to move from point A to point B 10, 20, or 30 times faster than the competition is a huge advantage, and it can make it almost impossible for other players to compete. This is very popular in PVP games and it’s one of the most common types of hacks for players to perform.
Missing Access Controls
This type of exploit is very popular in games that have clan, guild, or team-based games. These access control flaws can be exploited to allow players to perform many actions that they shouldn’t be able to do such as promoting or demoting clan members without relevant permissions, accessing game areas that they don’t have level or XP for or even issuing bans to other players.
How to get more free content
If you like this article and would like to read more of our content for cybersecurity insights, tips and tricks feel free to follow us on our social media. If you’re a struggling business owner who needs help in assessing their business’s cybersecurity posture feel free to take advantage of our free introductory assessment and we’ll help you figure out a game plan for keeping your company safe.
