A threat actor has claimed to have banned thousands of Call of Duty players through a flaw in the game’s anti-cheat system.
As initially reported by TechCrunch, Activision announced in October that a flaw in its Ricochet anti-cheat system led to some players being banned.
“RICOCHET Anti-Cheat identified and disabled a workaround to a detection system in Modern Warfare III and Call of Duty: Warzone that impacted a small number of legitimate player accounts,” said Ricochet.
“We have restored all accounts that were impacted. An examination of our systems was conducted for safety, and monitoring will continue.”
However, a hacker going by the name “Vizor” has claimed to have used a flaw in Ricochet to trick thousands of gamers into being banned.
For context, Ricochet is a kernel-level anti-cheat system that works by scanning a user’s system for signs of malware or cheating software.
Vizor discovered that Ricochet was searching for specific hardcoded text strings to identify the presence of cheating software and malware. One such string was the words “Trigger Bot”, which refers to a cheat in which a player will autofire when an enemy player is in the user’s crosshairs.
With this knowledge, Vizor would send a private message to other players with the contents of one of these strings so that Ricochet would detect it and ban them.
“I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not,” Vizor told TechCrunch.
This is fairly normal to do, but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives.
“The same day I found this, I got myself banned by sending a whisper message on Call of Duty to myself with one of the strings in the message contents,” Vizor said.
At one stage, Vizor said that he developed a script that would join a new match, send a message, and then leave the match, repeating over and over.
The scam lasted months, during which time Activision reportedly added more strings, which the threat actor then used to ban more players.
While Activision did not respond to TechCrunch’s request for comment, a former Activision employee said the anti-cheat signatures may have been “weaponised”.
“If you know what signature the anti-cheat is looking for, I find a mechanism to get those bytes in your game process and you get banned,” said the anonymous former staffer.
“I can’t believe [Activision] are banning people on a memory scan of ‘trigger bot.’ That is so incredibly stupid. And they should have been protecting the signatures. That’s amateur hour.”
As Ricochet previously announced, the bug was identified and disabled. It said all accounts impacted had been restored; however, a number of players responded to the announcement saying that their account was not restored and their appeals were denied.
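The false-positive problem described above can be shown with a simplified model. This is an added example, not Ricochet's code: the region layout, labels and sample bytes are constructed assumptions, and only the "Trigger Bot" string comes from the article. It contrasts a scan over all process memory with one that counts a hit only in executable regions that other players cannot write to.

```python
from dataclasses import dataclass

# Signature string taken from the article; everything else is constructed.
SIGNATURES = [b"Trigger Bot"]

@dataclass
class Region:
    name: str                # hypothetical label for a mapped memory region
    executable: bool         # True for code pages of a loaded module
    attacker_writable: bool  # True if other players can place bytes here (chat, names)
    data: bytes

def naive_scan(regions):
    """Report a hit if a signature appears anywhere in process memory."""
    return [(r.name, s) for r in regions for s in SIGNATURES if s in r.data]

def provenance_scan(regions):
    """Count a hit only where it says something about code on this machine:
    executable regions, never buffers filled with bytes other players sent."""
    return [(r.name, s) for r in regions for s in SIGNATURES
            if s in r.data and r.executable and not r.attacker_writable]

def verdict(hits):
    # Assumption of this example: a string match alone is a lead for review,
    # not grounds for an automatic ban.
    return "flag_for_review" if hits else "clean"

# Constructed sample: a legitimate player who received a whisper message.
legit_player = [
    Region("game.exe .text", True, False, b"\x55\x48\x89\xe5 render loop"),
    Region("chat buffer", False, True, b"whisper: Trigger Bot"),
]
# Constructed sample: a process with a foreign module that carries the string.
cheater = [
    Region("game.exe .text", True, False, b"\x55\x48\x89\xe5 render loop"),
    Region("injected module", True, False, b"\x90\x90 Trigger Bot v2 menu"),
]

if __name__ == "__main__":
    for label, mem in (("legit", legit_player), ("cheater", cheater)):
        print(label, verdict(naive_scan(mem)), verdict(provenance_scan(mem)))
```

The naive scan flags the legitimate player because of the chat buffer alone, while the provenance-aware scan reports only the process with the foreign executable module.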