by bigyikes 836 days ago
Is video game security an entire subfield of its own? I imagine there are categories of exploits in video games which simply don’t exist in other areas of software
2 comments

The latest in FPS cheating (that I'm aware of, not like I'm super plugged into the underground) involves buying a second PC to run the cheats, a card for your main PC to grab a copy of memory over DMA, ship it off to the second PC, then joining the two video feeds together. Apparently you can also hook your mouse up to a connection where it will edit the data flowing from the mouse to give you better aim as well.

A lot of it is the same as any other sort of security stuff, but like, the tough part is that the adversary has access to the physical machine. In my understanding anyway, not a security expert.

The "end-game" for cheating software is just a camera pointed at the monitor, or an HDMI splitter. Run the video feed through a not-invented-yet AI/ML model, and the model will control your character via valid USB keyboard/mouse inputs.

"Behavioral" anti-cheat will have to finally become a thing. As a game designer in 5-10 years, you won't be able to assume the operating system will be privy to any data which indicates cheating is happening.

I believe the right answer would be to cluster players by behavior signatures, leading to all the bots being in clusters with each other. Then bots can mostly just play other bots. Over time you can merge known "human" clusters together so that different play styles get to play in the same matches. This also has the benefit of clustering "toxic" players together - both by chat content and in-game player behavior.
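A sketch of the behaviour-signature clustering proposed above, as an added example rather than anything the commenter or any game studio published. It assumes a per-player event log of (reaction time in ms, hit/miss) pairs; the sample players are constructed so that scripted bots have near-constant reaction times and very high accuracy, while humans jitter. Signatures are z-scored and clustered with a plain k-means (deterministic farthest-first initialisation), and the resulting clusters become separate matchmaking pools.

```python
import random
import statistics

# Constructed sample data (not real telemetry): humans react in roughly
# 260 +/- 60 ms and hit ~35% of shots; bots react in 45 +/- 3 ms and hit ~95%.
random.seed(7)

def make_human(n=200):
    return [(random.gauss(260, 60), random.random() < 0.35) for _ in range(n)]

def make_bot(n=200):
    return [(random.gauss(45, 3), random.random() < 0.95) for _ in range(n)]

PLAYERS = {f"human{i}": make_human() for i in range(6)}
PLAYERS.update({f"bot{i}": make_bot() for i in range(3)})

def signature(events):
    """Behaviour signature: mean reaction time, reaction jitter, hit ratio."""
    rts = [rt for rt, _ in events]
    hits = sum(1 for _, hit in events if hit)
    return (statistics.mean(rts), statistics.pstdev(rts), hits / len(events))

def normalise(sigs):
    """z-score each feature so the millisecond columns do not swamp the ratio."""
    cols = list(zip(*sigs.values()))
    means = [statistics.mean(c) for c in cols]
    stds = [statistics.pstdev(c) or 1.0 for c in cols]
    return {p: tuple((v - m) / s for v, m, s in zip(sig, means, stds))
            for p, sig in sigs.items()}

def dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5

def mean_point(points):
    return tuple(statistics.mean(c) for c in zip(*points))

def kmeans(points, k=2, max_iter=100):
    """Plain k-means. Deterministic init: first centroid is the point farthest
    from the overall mean, each next one is the point farthest from its
    nearest existing centroid (farthest-first traversal)."""
    names = list(points)
    centre = mean_point(list(points.values()))
    centroids = [points[max(names, key=lambda n: dist(points[n], centre))]]
    while len(centroids) < k:
        far = max(names, key=lambda n: min(dist(points[n], c) for c in centroids))
        centroids.append(points[far])
    assignment = {}
    for _ in range(max_iter):
        new = {n: min(range(k), key=lambda i: dist(points[n], centroids[i]))
               for n in names}
        if new == assignment:
            break
        assignment = new
        for i in range(k):
            members = [points[n] for n in names if assignment[n] == i]
            if members:
                centroids[i] = mean_point(members)
    return assignment

def cluster_players(players, k=2):
    """Map every player name to a cluster id based on its behaviour signature."""
    sigs = normalise({p: signature(ev) for p, ev in players.items()})
    return kmeans(sigs, k)

def matchmaking_pools(assignment):
    """Group players so each pool only ever queues against itself."""
    pools = {}
    for player, cluster in assignment.items():
        pools.setdefault(cluster, []).append(player)
    return {c: sorted(ps) for c, ps in pools.items()}

if __name__ == "__main__":
    for cluster, members in matchmaking_pools(cluster_players(PLAYERS)).items():
        print(f"pool {cluster}: {members}")
```

The merge step the comment mentions (joining clusters that are known to be human so play styles mix) is the same machinery run with a larger k followed by a manual allow-list; the interesting operational caveat is that the feature set here is deliberately simple, so a real deployment would add many more signals and re-cluster on a schedule rather than trust a one-off fit.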

Right, what I'm describing is basically 90% of that setup, just copying memory rather than with a camera.

> leading to all the bots being in clusters with each other.

Some games do this! The factors are different, but yeah.

You would only ever do all that if you had no clue what you are doing (and most don't). It's rather trivial to bypass modern kernel anticheats, especially with a hacked up KVM or custom hypervisor. So much of anti-cheat nowadays is based off of automated (delayed) detection and user reports that you can easily ragehack to the top ranks without ban if you just use silentaim (aimbot that doesn't need to change your view angles) and common sense.

In fact, I'd go so far as to say that a majority of players in the top ranks of most popular FPSs are cheaters or queue with cheaters. There's nothing quite like watching the enemy stare right at you through every wall across the map and then carelessly run in a straight line towards you. Even more concerning is how many streamers queue up with blatant cheaters and then use their connections with game moderators to manually ban other cheaters.

Security != DRM, i.e. 'anti-cheat'. Security is more about 'a malicious player can't RCE other players' than "cheaters can't access data which is sent to their PC anyway". One is a lot more tractable than the other.

Yes. Basically cheats and anti-cheats became their own thing security-wise and huge amounts of effort are spent (by both sides) on this cat and mouse game.

Although both cracking (as in "software cracking") and cheats were very similar security fields back in the day (both boiled down to reverse engineering), cheating has diverged enough (due to modern anti-cheats and anti-piracy becoming very different countermeasures) that I'd consider them vastly different nowadays.

Some categories of exploits unique to games:

- Aim hacking (pointing the mouse cursor to enemy heads)

- Recoil/spread cheats (mouse compensating for weapon recoil or bullet spread)

- Botting/botfarming (playing resource-intensive games automatically)

- Wallhacking (showing players through walls, or making walls semi-transparent)

- Miscellaneous passive assistance (like overlaying a predicted path for a ball in a game, drawing precise location for footsteps/other player sounds, etc.)

- Modification of game state (like sending your character's position at will, allowing you to fly or go through walls)

Some of these have analogues in app security:

- Botting detection is probably very similar in both MMOs and CloudFlare

- Hidden information is not very different from what we do in web apps (only send the state that the client needs and has access to)

- Preventing game state modification is solved by having a strongly authoritative server (again pretty normal in app land)

But even in those, what makes games very unique compared to other apps is that they're hard real time: you have hard requirements for each frame time; it's expensive to calculate in-server all things that a player should be able to see every single frame; packets take time to travel over the internet so you have to give it some slack (or enemies could pop out of nowhere when crossing doors); the client sometimes needs information that you'd like to remain private (you need player positions even behind walls to provide 3D sounds)...

Modern anticheats usually resort to just scanning the memory for running cheats, trying to detect a cheat reading/modifying the game memory, etc. but cheats have gone to great lengths like having actual cheat hardware (DMA devices on PCIe[0]) that cannot be detected since it's running outside of the computer software.

[0] https://blog.esea.net/esea-hardware-cheats/
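The two server-side mitigations the post above lists (a strongly authoritative server rejecting impossible state changes, and only sending each client the state it needs) together with the latency-slack and 3D-sound caveats, as an added example that is not from the post or from any real game engine. Everything below is assumed for illustration: a 64 Hz tick, a 6 units/s movement cap, a 25% slack for jitter, and the radii for "exact position" versus "direction-only sound cue". The movement check also caps how many ticks of credit a silent client can bank, so withholding updates and then teleporting is rejected too.

```python
import math
from dataclasses import dataclass, field

# Assumed constants (illustrative, not from the thread or any real game).
TICK_SECONDS = 1 / 64       # 64 Hz simulation
MAX_SPEED = 6.0             # world units per second a player may move
LATENCY_SLACK = 0.25        # 25% extra distance tolerated for jitter / clock skew
MAX_CATCHUP_TICKS = 8       # a silent client may bank at most this much movement
EXACT_RADIUS = 12.0         # within this range the client gets exact positions
AUDIBLE_RADIUS = 40.0       # up to here only a coarse sound direction is sent

COMPASS = ["E", "NE", "N", "NW", "W", "SW", "S", "SE"]

def distance(a, b):
    return math.hypot(a[0] - b[0], a[1] - b[1])

def coarse_direction(src, dst):
    """8-sector compass bearing from src to dst: enough to spatialise a footstep
    without leaking an exact wall-bang target."""
    angle = math.degrees(math.atan2(dst[1] - src[1], dst[0] - src[0]))
    return COMPASS[round(angle / 45) % 8]

@dataclass
class Player:
    pos: tuple
    last_tick: int = 0
    rejected: int = 0

@dataclass
class AuthoritativeServer:
    players: dict = field(default_factory=dict)

    def join(self, name, pos):
        self.players[name] = Player(pos=pos)

    def apply_move(self, name, tick, claimed_pos):
        """Accept the client's claimed position only if it is reachable from the
        server's last accepted position; otherwise keep the server position
        (the client will be snapped back on the next snapshot)."""
        p = self.players[name]
        ticks = tick - p.last_tick
        if ticks <= 0:                      # replayed or out-of-order update
            p.rejected += 1
            return p.pos
        dt = min(ticks, MAX_CATCHUP_TICKS) * TICK_SECONDS
        allowed = MAX_SPEED * dt * (1 + LATENCY_SLACK)
        p.last_tick = tick
        if distance(p.pos, claimed_pos) > allowed:
            p.rejected += 1
            return p.pos
        p.pos = claimed_pos
        return p.pos

    def snapshot_for(self, name):
        """Per-client view: exact positions only for nearby players, a direction
        hint for merely audible ones, nothing at all for the rest."""
        me = self.players[name]
        view = {}
        for other, op in self.players.items():
            if other == name:
                continue
            d = distance(me.pos, op.pos)
            if d <= EXACT_RADIUS:
                view[other] = {"pos": op.pos}
            elif d <= AUDIBLE_RADIUS:
                view[other] = {"sound_dir": coarse_direction(me.pos, op.pos)}
        return view

if __name__ == "__main__":
    srv = AuthoritativeServer()
    srv.join("A", (0.0, 0.0))
    srv.join("B", (5.0, 0.0))
    srv.join("C", (20.0, 0.0))
    srv.join("D", (100.0, 0.0))
    print(srv.apply_move("A", 1, (0.1, 0.0)))    # plausible step, accepted
    print(srv.apply_move("A", 2, (5.0, 0.0)))    # teleport, rejected
    print(srv.snapshot_for("A"))
```

The key design point is that the server never trusts the claimed position as state; it only trusts it as a request, and the per-client snapshot is built from the server's own state, so a client that reads its own memory still sees only what was sent to it.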