In a report by Lorenzo Franceschi-Bicchierai of Motherboard, hackers can potentially take control of a person’s computer by having them click on a Steam invite to play Counter Strike: Global Offensive. According to researcher and Secret Club member Florian, hackers can use the invite bug to take over a victim’s computer.
The bug does utilize the Source engine, which is used for other Valve titles such as Team Fortress 2, Portal and Left 4 Dead. But, it may have been patched in other titles. The researchers have mainly focused their efforts on CS:GO.
According to Secret Club, Valve has known about the exploit for years and has been slow to announce changes.
“Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve is preventing us from publicly disclosing it.” Secret Club said in a Twitter post.
Two years ago, secret club member @floesen_ reported a remote code execution flaw affecting all source engine games. It can be triggered through a Steam invite. This has yet to be patched, and Valve is preventing us from publicly disclosing it. pic.twitter.com/0FWRvEVuUX
— secret club (@the_secret_club) April 10, 2021
Secret Club is a not-for-profit reverse-engineering group that break games and expose flaws in game systems like this CS:GO bug. The group has been posting about the bug recently, claiming they have notified Valve about the issue.
How long has the Counter Strike: Global Offensive bug been in place
According to Secret Club, the organization alerted Valve over two years ago. Other people have also come forward to say they have contacted the company about the same issue.
“As you may know, @the_secret_club recently posted videos about Source Engine games RCE. I was also ignored by Valve for a year. Here’s the demonstration of my report. RCE can be achieved by connecting to a malicious server, then the chain will be completed when game is restarted.” Bien Pham, a software engineer for Shopee Singapore wrote.
As you may know, @the_secret_club recently posted videos about Source Engine games RCE. I was also ignored by Valve for a year. Here's the demonstration of my report. RCE can be achieved by connecting to a malicious server, then the chain will be completed when game is restarted. pic.twitter.com/oVGSjpYWTz
— Bien Pham 🇻🇳 (@bienpnn) April 12, 2021
Valve is notoriously slow when it comes to responding to community feedback and bugs in its systems. The Secret Club further claims other CS:GO bugs have been found and demonstrated that Valve has yet to address.
CS:GO is currently Steam’s most popular title in terms of players. The game has over 900,000 current players and peaked at 1,305,714 players in April.
Published: Apr 13, 2021 05:09 pm