A user gained control over a foreign computer through Dark Souls 3. The hack could also affect Elden Ring, fans sound the alarm.
A security vulnerability in Dark Souls 3 allows hackers to break into other people’s PCs and even destroy them completely. This is according to concurring media reports from The Verge and Inven Gglobal.
According to the report, during a broadcast of the Dark Souls streamer The Grim Sleeper, the game suddenly closed and activated the text-to-speech function of Microsoft Powershell. An unknown person then used it to insult the streamer, but no damage occurred.
What had happened?
The hacker apparently uses an RCE exploit (remote code execution). Theoretically, this can be used to launch any type of program on a foreign computer and thus gain complete control. In extreme cases, you can also destroy computers via RCE.
Who is behind it?
The attack in the case of The Grim Sleeper was apparently not done with malicious intent: From a message in the SpeedSouls discord, it appears that the attacker wanted to draw attention to the vulnerability. Previously, his calls for help to the developer FromSoftware had been ignored.
What is RCE?
The exploit allows a hacker to potentially launch any software over the Internet on another PC. According to Kaspersky, it is one of the most dangerous IT vulnerabilities of all. Hackers could lock PCs, steal data like passwords, run malware, and more.
In December 2021, the Log4Shell vulnerability became known – through it, services like Netflix or games like Minecraft became a potential danger. What’s behind it and if we gamers need to worry, you can read here:
How can I protect myself?
Players are urged to play all FromSoftware games offline only at this time. The RCE exploit only works when affected users play online, according to Aaron Alford of Inven Global. The community-created anti-cheat project Blue Sentinel also got wind of the hack and is now working on an unofficial fix – along with the attacker on The Grim Sleeper.
What does the manufacturer say?
According to Blue Sentinel, the community manager of Elden Ring has already been informed. An employee of Bandai Namco wrote: "A corresponding report was forwarded to the internal development team. We are very grateful for the advice from the community."There is no statement about an official patch yet.
Update: The developers now announce on Twitter that they will temporarily shut down the PvP servers completely. One works on an unspecified problem with the online services.
At this point you will find an external content from Twitter, which complements the article.
You can show and hide it with one click.
I agree to be shown content from Twitter.
Which games are affected?
According to Blue Sentinel, in addition to Dark Souls 3, Dark Souls 1 and 2 and the remaster versions could also be affected. Since the upcoming Elden Ring also runs on the same engine, the RCE vulnerability could appear there as well, the collective warns. FromSoftware has not taken a position on this yet.
By the way, the GameStar editors argue about whether Elden Ring lacks courage despite the open world in the podcast at GameStar Plus! And in our big gameplay and story overview of the dark role-playing game hope you can find out everything else that is known about Elden Ring so far.