Dark Souls 3 bug could let hackers seize control of your PC

dark souls 3
(Image credit: From Software)

As if Dark Souls 3 wasn’t  already difficult enough, playing it online could open up your computer for malicious actors to swoop in, steal sensitive data, and brick it completely, if they so wished.

A report from Dexerto claims that playing the popular game online comes with a Remote Code Execution (RCE) vulnerability. RCEs are usually considered among the most dangerous vulnerabilities, as they allow third parties to run any code on the affected device, which includes ransomware, malware, infostealers, and pretty much anything else.

The vulnerability was demonstrated on a live stream from The__Grim__Sleeper, who was streaming the game for his 70,000+ viewers on Twitch when the game crashed, a Microsoft PowerShell opened up by itself, and the text-to-speech feature was triggered, causing Microsoft’s robotic voice to start criticizing the streamer's skills.

Drawing attention to the problem

As comedic and harmless as the scene may appear, the message was received loud and clear. In fact, it turns out that delivering the message was the whole point, as the hacker behind the attack first tried to contact FromSoftware, Dark Souls developers, to raise awareness about the issue, but was met with silence.

Only then, did the hacker decide to demonstrate the power of the vulnerability in front of a large audience, and it seems to have worked. 

FromSoftware has now shut down its servers for Dark Souls, Dark Souls 2, and Dark Souls 3, which all seem to be vulnerable to the flaw. 

There are even worries that its premiere upcoming game Elden Ring could also be vulnerable, with the company promising to investogate.

According to a report on The Verge, the anti-cheat mod for Dark Souls 3, called Blue Sentinel, which was developed by the game’s community, was patched to protect endpoints against the vulnerability, while Bandai Namco, the game’s publisher, took to Reddit to thank the community for drawing their attention to the flaw.

The servers are expected to come back online once the issue is permanently fixed.

Via: The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.