Due to serious flaws, a well-known first-person shooter game enables hostile hackers to hijack the computers of other gamers as long as they are participating in the same online match. The issue is so bad that several streamers have advised viewers not to play the game because hackers have “taken over” and made it “totally unusable.”
“I’ve been running across a lot of them; it’s been like virtually every single lobby,” one streamer remarked in a video from six months ago.
Activision’s Call of Duty: Black Ops III is the game that has flaws. When playing the game, “hackers have a tool that can reveal your IP address,” according to another streamer.
“They can fucking do anything they want,” he continued. “They can join your game, they can kick you out of the game, they can corrupt your [downloadable content], they can crash your game.”
According to statistics from the gaming website Steam, Black Ops III, which was released in 2015, continues to draw more than 5,000 gamers per day. Activision, the game’s publisher, does not appear to be putting much effort into correcting the game’s vulnerabilities due to its age, so two gamers who turned to hacking have taken matters into their own hands.
The game has developed a hacker infestation. One of the two hackers working on the game’s repair, Maurice Heumann, said that there are numerous security flaws that have a major impact. “Playing the game itself puts you at risk of hacking. Your information may be taken, among other things.”
Since 2015, Heumann has been deconstructing Black Ops III. He and a friend were working on a “client” at the time, which was essentially a customized, modified version of the game, but since they were “young and dumb,” they tweeted about their project and Activision responded with a cease and desist letter, which “totally frightened” them and caused them to stop working on the client.
Heumann is now trying again, and Activision doesn’t seem to care this time, at least not yet. He said he found two Remote Code Execution (RCE) flaws in the game and told Activision about them on May 14 and December 2, 2022. RCE is a kind of security flaw that lets hostile hackers run code on the target’s device from a distance and take full control of it.
Activision accepted the first bug report, and the person who sent it in got a bug bounty. Heumann claimed that, regarding the second bug, he has not yet received a response.
Activision hasn’t fixed them yet, though. (received screenshots of Heumann’s problem reports to Activision.)
“I assume they somehow noted that they exist, passed that information on to the development team, and then somehow it gets lost, probably because old games have no priority anymore […] the old games are old, nobody buys new copies anymore, so spending time on maintaining them is not worthwhile,” he said. “Because Activision isn’t acting, I’ll just take care of things myself.”
Activision and the game’s developer, Treyarch, made the following statement through a spokesperson named Neil Wood: “We are committed to continuing to support Call of Duty: Black Ops III eight years after its initial release. We are planning to provide an update this week in response to a technical issue with Call of Duty: Black Ops III’s Steam release. We appreciate the continuous support from our neighborhood.”
Given that he is working on it in his spare time, Heumann is requesting community assistance for his open-source project.
The idea is that his client will effectively take the place of the game’s official launcher, or launching it through Steam, so that when users open it, the client patches the vulnerabilities, makes performance updates, and allows users to play “safely without worrying,” he said.
The problem with this strategy is that people who play his version of the game can’t talk to people who play the real game. However, Heumann wants to attract as many users as he can to his ecosystem, so he offers them options like changes, in addition to higher security than what is offered by the current game.
Heumann says that the only things that aren’t open source are the security updates, because if they were, it would be easier for hackers to find players of the game’s vulnerable version and use them to do bad things.
Heumann said that the project isn’t done yet, even though he worked on it again for nine months. However, he has around 180 testers helping him find and fix bugs, so regular players may be able to access it in a few months.
One hacker aiming to make the game safer for participants is Heumann. Another good-hearted hacker, shiversoftdev, is working on a “community patch” that he refers to as a mission to safeguard Black Ops III players. His strategy differs from Heumann’s in that he wants to keep users in the official ecosystem and allow them to launch the game from Steam without having to worry about being hacked.
Heumann is also getting help from shiversoftdev, but shiversoftdev knows that in the end, Heumann’s product will be better.
Shiversoftdev said, “I mostly focus on defending players who need to or want to remain on the official [Black Ops III] servers, where [Heumann] is targeting his own ecosystem. I limit my game-fixing efforts to the most serious issues. The fact that every player in [Heumann’s ecosystem] is using his version of the game also allows for far better protection techniques.”
Heumann and shiversoftdev are not the only ones who have decided to update old games without waiting for the original developers to do it. In 2020, a programmer going by the name Milenko created a bot detector for the 2007 first-person shooter Team Fortress 2. Since the game is infamous for being rife with bots and cheaters, the developer created their own unique bots that can either automatically kill other bots and cheaters or flag them to other players so they can choose to remove them from the game.
Heumann and shiversoftdev both tell users to stay away from Black Ops III or at least use the community patch while they continue to work on their fixes and clients.
“I can’t overstate how easy it is to exploit this weakness,” stated shiversoftdev. “If you can, patch up; if not, try to stay away from public multiplayer lobbies. Use alternate accounts when streaming to prevent having your Steam username exposed. While logged into any [Call of Duty] server, use a VPN.”
Both of them are up against it. “Hackers are so fucking annoying that they will spend hours and hours creating new tools to bypass the patches that the community is creating, so it’s just this endless cycle of creating patches, creating new mods, and creating patches, creating new mods,” said one of the streamers who has criticized the existence of cheaters and hackers on Black Ops III.
“That can’t be fixed. Don’t buy it, don’t play it,” he said. “Uninstall the game if you have it installed on Steam.”
This article has been updated to reflect the spokesperson’s comments from Activision and Treyarch.