jessica.kinghorn@futurenet.com (Jess Kinghorn)
2024-11-08 10:30:00
www.pcgamer.com
Last month, Activision posted that they’d “identified and disabled a workaround” within their automated anti-cheat tool, Ricochet. The language of the post is purposefully vague about what actually happened, but the studio asserts that only a “small number” of legitimate Call of Duty: Warzone and Modern Warfare III players were affected, and that those accounts have since been reinstated.
However, it wasn’t long before hackers shared their side of the story—to say nothing of all the angry responses under Activision‘s post from players still locked out of their accounts. A hacker known as Zeebler was the first to publicly share details of the exploit, explaining how it allowed them to remotely permaban players by typing as few as two words into the lobby chat. TechCrunch has since caught up with the hacker who originally found the exploit.
Going by the handle Vizor, the hacker in conversation alleges the extent of the issue was much farther reaching than Activision is willing to admit, saying they were able to remotely ban “thousands upon thousands” of players. Perhaps most damningly, the hacker also tells TechCrunch, “I could have done this for years and as long as I target random players and no one famous it would have gone without notice.”
Aimbots have been the bane of many a shooter fan’s existence—and indeed even threw Apex Legends’ anti-cheat software for a loop—so you can understand why Ricochet would have cheats like this in its sights. What is a lot less straightforward to understand is how simply typing the words ‘aim bot’ and sending them to another player could get them banned.
Vizor explained that Ricochet uses a list of hardcoded strings of text to detect cheaters and that they then exploited this to ban innocent players by simply sending one of these strings via an in-game whisper. To test the exploit the day they found it, they sent an in-game message containing one of these strings to themselves and promptly got banned.
Vizor elaborates, “I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives.”
To put it in simplified terms, Ricochet was picking through player’s setups, looking for anything from a list of keywords—or signatures—and then banning when it found them, regardless of the context in which those keywords appeared. That’s not the wildest part.
What’s wilder is that Vizor wrote a script that then automated the exploit process, allowing them to “join a game, post a message, leave the game, join a new game, repeat repeat repeat,” and keep dishing out permabans even while they were away on holiday. As Activision continued to update the anti-cheat software with new string signatures to look out for, Vizor kept up to date too, and continued, in their own words, “trolling” both the developer and Call of Duty players alike. This continued right up until fellow hacker Zeebler made the exploit much more widely known.
So now that Activision has finally worked out this workaround, how does Vizor feel with their “trolling” days at an end? Their takeaway may surprise you: “It was nice to see it get fixed and see unbans,” they admit before adding, “I had my fun.”
Support Techcratic
If you find value in Techcratic’s insights and articles, consider supporting us with Bitcoin. Your support helps me, as a solo operator, continue delivering high-quality content while managing all the technical aspects, from server maintenance to blog writing, future updates, and improvements. Support Innovation! Thank you.
Bitcoin Address:
bc1qlszw7elx2qahjwvaryh0tkgg8y68enw30gpvge
Please verify this address before sending funds.
Bitcoin QR Code
Simply scan the QR code below to support Techcratic.
Please read the Privacy and Security Disclaimer on how Techcratic handles your support.
Disclaimer: As an Amazon Associate, Techcratic may earn from qualifying purchases.