Vulnerability Development mailing list archives

On-Line Games and Privacy Issues


From: Stan Bubrouski <stan () ccs neu edu>
Date: Sun, 26 May 2002 18:54:20 -0400

Hey all,

I'm writing in regards to on-line games and the privacy implications users of those games might not be aware of, especially information-gathering mechanisms which can be used to gather information about a user's system, software installed, and other details which can be used by advertisers, marketing agencies, etc.

Today I will be specifically talking about Half-Life and the built-in server-side mechanisms to control the client's game console, thus enabling these privacy breaches.

Valvesoftware LTD's Half-Life game is an extremely popular game played by hundreds of thousands of people world-wide. Modifications for Half-Life such as Counter-Strike, Team Fortress Classic, and Day of Defeat are extremely popular and played on-line by children and adults alike. Nowhere does it say on the box that by playing the game on-line you give up your rights to privacy or otherwise.

First Problem: File Scanning
Scope: Remote
Description:

Built into Half-Life is a function called *g_engfuncs.pfnClientCommand which allows server-side plugins/modifications to execute game console commands on the client's computer, change their game settings, etc. It probably seems simple enough: let server admins control how clients are set up to prevent cheating. That's great, but on the client and server side there is a command called 'exec' which allows users to execute config/script files which can be used to change game settings, bind keys to commands/aliases, etc., but this command also has the ability to report whether or not a file exists on the local machine. When you combine this with *g_engfuncs.pfnClientCommand, server operators can detect the presence of a file on the machine of any gamer connected to that server. Furthermore, code is already available which automates file scanning given a list of files to search for. THERE IS NO WAY TO DISABLE THIS MECHANISM CURRENTLY.

Why is this a big deal? It allows people to remotely, automatically and stealthily scan a player's hard drive for the existence of any file upon connection to a server and log the results, thus allowing them to gain information about the user's PC. And there are thousands of kids all over the world playing the game unaware that their files, or in many cases their parents'/families' files, could be scanned by server admins as they are playing. This opens the door for hardware fingerprinting (by searching for specific driver files), program use (by searching common locations for program installations), cookie files from IE on certain OSes (not sure if this is possible, but it might be) which could indicate which sites people visit, etc. We consider this a hole in other products; we should start looking at the games our children play in the same way.

Second Problem: Denial of Service Attacks
Scope: Remote
Description:

Again, by making use of *g_engfuncs.pfnClientCommand we can force clients to record demos and such which attempt to write to device names such as prn, aux, lpt1, etc. on all Windows operating systems, and on some cause Windows to completely lock up, potentially causing data loss. Such a command is the 'record' command for recording demos.

There are more holes which I feel would be inappropriate to make public at this time.

Any comments? I know a lot of people disagree with me or have meaningful opinions on the security (or lack thereof) in the games our children are playing.

Best Regards as always,

Stan Bubrouski
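The two problems above come down to one thing: a client console that runs whatever the server sends, including 'exec' against arbitrary paths (which leaks whether a file exists) and 'record' against Windows device names. The following is an added example, not part of the original post and not Valve's code, of the kind of client-side policy check a game client could apply to server-issued commands before passing them to the console. It assumes a simplified console syntax (commands separated by ';', arguments separated by whitespace) and a hypothetical hook point where the client sees each command; the list of reserved device names is the standard legacy DOS set, which goes beyond the three the post names. Confining 'exec' to bare '.cfg' names in the game directory narrows the probe to that directory rather than removing the existence leak entirely.

```python
"""Client-side policy filter for console commands pushed by a game server.

Hypothetical mitigation (example code, not Valve's): a client hook that
inspects each command a server sends through the ClientCommand path before
the console executes it, blocking the two abuse patterns described in the post.
"""
import re
from typing import List, Tuple

# Legacy DOS device names. The post names prn, aux and lpt1; the rest of the
# set is the well-known Windows list, added here as an assumption.
RESERVED_DEVICES = (
    {"con", "prn", "aux", "nul"}
    | {f"com{i}" for i in range(1, 10)}
    | {f"lpt{i}" for i in range(1, 10)}
)

PATH_SEPARATORS = re.compile(r"[\\/]")


def normalize_name(arg: str) -> str:
    """Lowercase base name without extension, e.g. '"C:\\tmp\\PRN.dem"' -> 'prn'.

    Windows resolves 'prn.dem' to the PRN device, so the extension is ignored."""
    base = PATH_SEPARATORS.split(arg.strip().strip('"'))[-1]
    return base.split(".")[0].lower()


def is_reserved_device(arg: str) -> bool:
    """True when the argument would be opened as a device rather than a file."""
    return normalize_name(arg) in RESERVED_DEVICES


def is_plain_filename(arg: str) -> bool:
    """True when arg names a file inside the game directory: no path
    separators, no drive letter, no parent-directory references."""
    arg = arg.strip().strip('"')
    return bool(arg) and not PATH_SEPARATORS.search(arg) and ".." not in arg and ":" not in arg


def classify_command(cmdline: str) -> Tuple[str, str]:
    """Decide whether one server-issued console command may run.

    Returns ('allow', reason) or ('block', reason)."""
    parts = cmdline.strip().split()
    if not parts:
        return ("allow", "empty command")
    verb, args = parts[0].lower(), parts[1:]

    if verb == "exec":
        # exec reports whether its target exists, so only bare .cfg names
        # inside the game directory are accepted from a server.
        if len(args) != 1 or not is_plain_filename(args[0]) or not args[0].lower().endswith(".cfg"):
            return ("block", f"exec with non-local or non-config target: {cmdline!r}")
        return ("allow", "exec of local config file")

    if verb == "record":
        if not args:
            return ("allow", "record with no target; the console will reject it")
        target = args[0]
        if is_reserved_device(target):
            return ("block", f"record target is a reserved device name: {target!r}")
        if not is_plain_filename(target):
            return ("block", f"record target escapes the game directory: {target!r}")
        return ("allow", "record to local demo file")

    return ("allow", "command not covered by policy")


def filter_server_commands(batch: str) -> Tuple[List[str], List[str]]:
    """Split a ';'-separated command batch into (allowed, blocked-with-reason)."""
    allowed, blocked = [], []
    for cmd in batch.split(";"):
        cmd = cmd.strip()
        if not cmd:
            continue
        verdict, reason = classify_command(cmd)
        if verdict == "allow":
            allowed.append(cmd)
        else:
            blocked.append(f"{cmd} -- {reason}")
    return allowed, blocked


if __name__ == "__main__":
    # Constructed sample batch mixing legitimate commands with the two abuse patterns.
    sample = (
        'exec autoexec.cfg; exec ../../windows/system32/drivers/etc/hosts; '
        'record prn; record lpt1.dem; record match1; name "Player"'
    )
    ok, bad = filter_server_commands(sample)
    print("allowed:", ok)
    print("blocked:")
    for line in bad:
        print("  " + line)
```

Blocked commands are returned with their reason rather than silently dropped, so a client could log them and show the player which server tried what; that log is the detection signal the post says users currently lack.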

