Comments on: World of Tanks Replay Vulnerable to Malicious Code

By: 10.12.2014 | For the Record

10.12.2014 | For the Record — Wed, 10 Dec 2014 16:53:55 +0000

[…] them based on the feedback or not. Okay, one more very important piece of news. Remember the “replay vulnerability” post? Well, Wargaming just acknowledged the issue by a special portal post. TLDR: replays […]

By: Its_Matra

Its_Matra — Wed, 10 Dec 2014 08:52:31 +0000

Obviously nobody read my comment two above this one!

By: Baldrickk

Baldrickk — Wed, 10 Dec 2014 06:46:03 +0000

Well, there is executable code in there.

I haven’t looked at it first-hand but I assume that it will be a script for the built in scripting engine inside WOT

Embedding an exe would probably be possible. Probably easier to have the game connect to the Web and download whatever for you though.

By: Baldrickk

Baldrickk — Wed, 10 Dec 2014 06:40:10 +0000

There os some good news that hasn’t been mentioned.

The wotreplays site won’t accept ‘tampered’ replays.

I have not dug into it enough to say how good this protection is (hunch says embedded hash – so possible to break)

It’s a minor thing, but a replay on Wotreplays is (slightly) safer than one from say – dropbox (like the PoC replay) that someone has linked to because, of this limited protection.

By: Pokelightian

Pokelightian — Wed, 10 Dec 2014 04:03:17 +0000

Wotreplay that formats hard drive and causes hardware overheating. Or Chernobyl-like symptoms.

By: Replaye z World of Tanks napadnuteľné škodlivým kódom

Replaye z World of Tanks napadnuteľné škodlivým kódom — Tue, 09 Dec 2014 19:25:30 +0000

[…] Zdroj: http://ftr.wot-news.com/2014/12/09/world-of-tanks-replay-vulnerable-to-malicious-code/ […]

By: MassiveHyperion

MassiveHyperion — Tue, 09 Dec 2014 19:05:21 +0000

Who’s the say that someone didn’t infuct the file, then upload to WoT Replays?

By: akseleo2000

akseleo2000 — Tue, 09 Dec 2014 19:01:41 +0000

Oh Ty

By: Torenico

Torenico — Tue, 09 Dec 2014 18:52:27 +0000

“Dont want virus? dont download replay”.

By: Mr_Deo

Mr_Deo — Tue, 09 Dec 2014 18:23:11 +0000

I haven’t seen the thing in action, but this has been going on for a while I think. I downloaded some replays about a year ago that looked fake/edited on the replay site and they wouldn’t launch the client to play said replay. I watched for open processes and port listening at the time but nothing nasty was there. I do know that many “Competitions” that go on where players “Submit” replays have had results that just don’t go with what is shown in the game or via noobmeter (those are just basic API pulls I guess?)..

WG will have no choice but to fix it once it becomes public knowledge, else someone will send in a “Ticket” reporting something in game, and the moment they open it then their own internal network can be exposed to a hacker… There in lies the rub..

If Replays were ONLY used by players then they would probably sit on their hands, but as they use them internally too then Hopefully it will spur them on. There is no reason why the wot exe should be launching external programs anyhow, and if it is then they should be signed in the software.