Respawn “investigates” possible security vulnerability in Titanfall 2
Respawn Entertainment is “aware of the reports” and “investigating” a possible security breach in Titanfall 2, the company announced today. The wording of the announcement neither confirms nor denies the breach. Respawn has “no other information to share at this time,” the tweet said, but will update fans if any new information arrives.
The Twitter statement comes hours after one user alleged that Titanfall 2 servers have been compromised. The warning came from the NoSkill Discord community, a dedicated server for a Titanfall modding community, and claims that “there are reports of a bug in the game which allows local code to be executed from the server”. This “could leave both your computer and your console vulnerable to exploits,” they wrote.
One user clarified the explanation on the NoSkill Discord, with details of how this could happen and its potential (and harmful) ramifications.
“The temporary buffer that Titanfall uses for game invitations has a size limit,” they wrote. “If the decoded username of the person who invited you is larger than this maximum size, it will start overwriting random memory to store the name.” Once it gets out of that specific temporary buffer, your PC starts treating it as executable code instead of a username. And because it’s directly on your computer, it could potentially run any program, including malware, on your computer.
According to another user, the cause of the vulnerability is a “malformed lobby invitation” sent to members of the Advocate network, Titanfall 2’s default network, to crash their games with a buffer overflow. These overflows “have the potential to lead to the execution of arbitrary code,” the user wrote.
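The length check that the users' description says is missing can be shown in a few lines of C. This is an added example, not code from Titanfall 2 or from the article's sources; the hex encoding, the 32-byte limit and the names `decode_invite_name` and `INVITE_NAME_MAX` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define INVITE_NAME_MAX 32 /* assumed buffer size, not the game's real limit */

/* Value of one hex digit, or -1 if the character is not a hex digit. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Decode a hex-encoded inviter name into out, whose capacity out_cap
 * includes the terminating NUL. Returns the decoded length, or -1 if the
 * input is malformed or too long. Nothing is ever written past out_cap.
 */
int decode_invite_name(const char *hex, char *out, size_t out_cap)
{
    size_t hex_len = strlen(hex);
    size_t need = hex_len / 2;             /* decoded size, known up front */

    if (out_cap == 0) return -1;
    out[0] = '\0';
    if (hex_len % 2 != 0) return -1;       /* malformed: odd digit count */
    /* Validate the decoded size against the buffer before any write. */
    if (need >= out_cap) return -1;

    for (size_t i = 0; i < need; i++) {
        int hi = hex_val(hex[2 * i]);
        int lo = hex_val(hex[2 * i + 1]);
        if (hi < 0 || lo < 0) { out[0] = '\0'; return -1; }
        out[i] = (char)((hi << 4) | lo);
    }
    out[need] = '\0';
    return (int)need;
}

int main(void)
{
    char name[INVITE_NAME_MAX];
    char big[129];                         /* constructed oversized input */
    memset(big, '4', 128); big[128] = '\0';
    printf("short: %d\n", decode_invite_name("50696c6f74", name, sizeof name));
    printf("oversized: %d\n", decode_invite_name(big, name, sizeof name));
    return 0;
}
```

An invitation whose decoded name does not fit is rejected as a whole instead of being truncated or copied past the end of the buffer.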
While the vulnerability may have security implications, it is difficult to find any reports of users being actively hacked or harmed by the issue at the time of writing. However, hackers could potentially exploit the breach over time.
Respawn is investigating the issue, and fans should wait for official announcements, especially on Twitter, to find out more.