The Apex Legends Incident
Click Here for TechCrunch Blog Incident: https://youtu.be/LY6PGd8auHI?si=iOfFYMjhgzb4U3y6What Happened?
Recently, on March 18th, there was a competitive tournament called ALGS that was running on Apex Legends.
However, an incident had occurred that temporarily disabled the competitive integrity of the series, causing it to halt.
Two famous twitch streamers that were participating in the tournament by the name of Noyan Ozhose and Philip Dosen had their experience ruined by a bad actor by the name of “Destroyer2009” that had interfered with their games.
Why was this hack such a big deal?
This incident had caught everyone with shock in both the cybersecurity and gaming world.
The event was a popular series that ran under the Apex Legend’s esports circuit. Meaning, it had brought in hundreds of thousands of views to the tournament. A stunt like this had caused extreme concern that could imply a weak and unstable environment to compete in.
Immediately following the incident, the organizers of the tournament have decided to halt the tournament until a full inner investigation helped determine the root cause of this incident.
Thoughts from security researchers
This incident was something that had sparked a good amount of attention from security researchers such as John Hammond , Tech Crunch, The PC Security Channel popular channels I follow for interesting updates.
Although there is constant mention about this attack being viewed as an RCE, remote code execution attack, some researchers believe that this didn’t make sense because the attack doesn’t seem to prove there was any arbitrary code execution or an attack directly related to the source engine of the game.
The video of the incident showed the player’s chat log to automatically type messages and a game rendered UI popping up. However, because of the transparency observed by some researchers, they believe this showed to have resided in the game instead of a vulnerability on the machine itself.
If the vulnerability was indeed a RCE in the source code, that would give the bad actor direct access to the target’s computer. However, Easy Anti-Cheat, a cheat engine software responsible for developing anti-cheat enginer used in Apex Legends created a statement that reassures users that they are “confident that there is no RCE vulnerability within EAC being exploited.”
Reading through the Tech Crunch interview with the hacker Destroyer2009 directly, he mentions that the hack was specifically in the Apex Legends game and had nothing to do with any processes outside the game including the machine itself.
The hacker had also mentioned that the intention of the attack was “for fun” and nothing malicious towards the victims of the attack. The hacker even reported to have mentioned that he wouldn’t provide the vulnerabilities to the publishers because they didn’t offer any bug bounty programs for finding flaws.
Additional Thoughts
All in all, the current scenario isn’t finalized and there is no public evidence that points in the direction of a RCE. TechCrunch mentioned in their blog that the bad actor quotes: “players shouldn’t worry about it..doubts others will figure out what vulnerability he used, and how to exploit it before it gets patched.”
In order to find the root cause of the vulnerabilities, there needs to be a root analysis investigation from the Apex Legends security team as well as the developers of EAC. Until the situation can be confirmed, there can only be speculations and opinions on what specifically happened that caused the vulnerabilities to be successfully exploited.