Hacker News new | ask | show | jobs
by tialaramex 1238 days ago
Ordinarily there's no reason why you would "attack" the game, so things only get found if a significant community arises for the game which would benefit, e.g. speed running Mario 64 is a thing, so figuring out weird details of the engine is crucial to the best possible times in categories which allow you to break the game to win.

For a Remote Code Execution bug like this it only makes sense if it's a popular multiplayer game, so that there are enough targets to be worth attacking, for long enough after release that you can identify a bug and figure out how to abuse it.

GTA V is like a decade old at this point, there a very few games with that sort of longevity, we're talking Minecraft, WoW, big hits rather than the average video game.
2 comments
wnevets 1238 days ago
Video games being connected to the internet 24/7 are quickly becoming the norm. I am convinced there is a treasure trove of exploits created by the gaming industry just waiting to be found.
link
smileybarry 1237 days ago
IIRC it's unsafe to play multiplayer in past releases of Call of Duty, even if fully-patched, because the games have a plethora of unpatched exploits (used on Xbox 360 to create modded lobbies), and I'm guessing the game's P2P nature makes it easier to find a client in your lobby to exploit.

The general recommendation is to install a community patch but I'd rather not run it at all, to be honest. I'd say "play in a VM" but I'm sure anti-cheat wouldn't like that.

link
jeoqn 1237 days ago
Little reason to attack the game? How about knocking your enemies offline? Or getting their game or real money? Or recruit them for your DoS botnet? Because that’s what an RCE allows you to do…
link
tialaramex 1237 days ago
Suppose it takes you six months to figure out an RCE for PowerWash Simulator. Yay, if you can find another player you can really pwn them now. Wait, how will you find a player to victimise? Nobody was looking for multiplayer PowerWash Simulator a month after it came out, let alone six months.

GTA V has been around for ten years but still has a huge player base and that's what makes this practical.

link