Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Threat actor says ‘thousands’ of Call of Duty players banned after abusing anti-cheat flaw

A threat actor has claimed to have banned thousands of Call of Duty players through a flaw in the game’s anti-cheat system.

user icon Daniel Croft
Mon, 11 Nov 2024
Threat actor says ‘thousands’ of Call of Duty players banned after abusing anti-cheat flaw
expand image

As initially reported by TechCrunch, Activision announced in October that a flaw in its Ricochet anti-cheat system led to some players being banned.

“RICOCHET Anti-Cheat identified and disabled a workaround to a detection system in Modern Warfare III and Call of Duty: Warzone that impacted a small number of legitimate player accounts,” said Ricochet.

“We have restored all accounts that were impacted. An examination of our systems was conducted for safety, and monitoring will continue.”

============
============

However, a hacker going by the name “Vizor” has claimed to have used a flaw in Ricochet to trick thousands of gamers into being banned.

For context, Ricochet is a kernel-level anti-cheat system that works by scanning a user’s system for signs of malware or cheating software.

Vizor discovered that Ricochet was searching for specific hardcoded text strings to identify the presence of cheating software and malware. One such string was the words “Trigger Bot”, which refers to a cheat in which a player will autofire when an enemy player is in the user’s crosshairs.

With this knowledge, Vizor would send a private message to other players with the contents of one of these strings so that Ricochet would detect it and ban them.

“I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not,” Vizor told TechCrunch.

This is fairly normal to do, but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives.

“The same day I found this, I got myself banned by sending a whisper message on Call of Duty to myself with one of the strings in the message contents,” Vizor said.

At one stage, Vizor said that he developed a script that would join a new match, send a message, and then leave the match, repeating over and over.

The scam lasted months, during which time Activision reportedly added more strings, which the threat actor then used to ban more players.

While Activision did not respond to TechCrunch’s request for comment, a former Activision employee said the anti-cheat signatures may have been “weaponised”.

“If you know what signature the anti-cheat is looking for, I find a mechanism to get those bytes in your game process and you get banned,” said the anonymous former staffer.

“I can’t believe [Activision] are banning people on a memory scan of ‘trigger bot.’ That is so incredibly stupid. And they should have been protecting the signatures. That’s amateur hour.”

As Ricochet previously announced, the bug was identified and disabled. It said all accounts impacted had been restored; however, a number of players responded to the announcement saying that their account was not restored and their appeals were denied.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.