SECURITY – Magic Media Studio

Podcast: Hacking Video Games

paul — Tue, 28 Jun 2022 09:50:50 +0000

Our host, Josh O’Farrell, speaks with special guest Mathieu Huysman, the COO and Founder of Cyrex. They discuss the importance of security for online games, hacking issues within the gaming industry, and more!

Cyrex are award-winning ethical hackers and cybersecurity experts. The team offers thorough manual penetration testing for video games, and non-gaming applications too! Cyrex has over a decade of experience and has firmly established itself as a trusted global partner in security across various industries.

Find out more about Cyrex by checking out their website.

The Magic Media Podcast Ep 5: Hacking Video Games with Mathieu Huysman: https://magicmediapodcast.buzzsprout.com/1941609/10869047

If you’d like to discuss cybersecurity, gaming or any other of our services, don’t hesitate to get in touch!

Gaming Industry Plagued by Game Hackers

paul — Thu, 28 Oct 2021 11:56:18 +0000

Given that the gaming industry continues to be plagued by game hackers we felt it was time to address the very public attacks on several high-profile game companies. Unless it is addressed and taken seriously, the games industry will continue to be a target by hackers. There is a worrying lack of modernity in the security of the gaming industry.

Due to the game industries continued growth, it should come as no surprise that it will remain a easy target by hackers. Most likely, these hacks will only become more frequent and grow in the damages caused.

The rising trend of game hackers

It is no surprise that the gaming industry has been attacked several times in the recent months. Starting with the huge CDPR ransomware attack, then dependency hijack of Halo Waypoint, now we find a much more worrying case in the breach of Apex Legends and Titanfall 2.

These attacks do a lot more than just deny services or damage reputations, they represent vulnerabilities that can lead to the loss of secure and highly sensitive data. The CDPR breach is one of the biggest examples, as it was not just the source code to every title being leaked but the personal details and documents of the entire staff.

What does this mean?

Now it might come as a shock that companies like Microsoft and EA suffered significant breaches, however the biggest surprise is the latter of these hacks.

Surprisingly, the injection points and common attack vectors that black hat hackers tend to take advantage of are network related. DDoS, searching for open ports or public domains that could potentially leak sensitive data. Hacker’s aim for anything on a network level and strive for outdated operating systems and servers. This is because these things are commonly known to be weak or prone to vulnerabilities.

Gameplay security tends to be a topic of discussion that is often overlooked, mostly there is a misconception that it is rarely attacked. However, through research we are now seeing a clear transition into targeting the games and platforms themselves.

Both the software and the applications are being compromised in today’s hacks. As we’re seeing with the Respawn hack, with the public messages displayed on Apex Legends and Titanfall 2, the game itself was compromised. However, the worrying part is that it doesn’t seem like a great conspiracy being conducted by a hacking group or savvy cybercriminals. It seems to be one or maybe a handful of disgruntled players who are upset about the number of hackers on the original Titanfall.

What’s the next step?

The gaming industry is a multi-billion dollar that spans the globe, and yet the issue is that its security is not even close to what it could or should be. Unfortunately, we have encountered the same mentality over the last years of work time and time again. Proper security is considered “nice to have” and not a key requirement. Which is why we are continuously fighting this mentality for our clients and trying to create awareness around the topic. We want to break through the widespread misconception and get people to understand it hurts games, developers, and players to view it as “just a game”.

When you take into consideration the comparison between both the financial and the gaming industries its hard to understand why security isn’t a priority. They are both billion-dollar industries that reach across almost every corner of the world, overlap in features and functionalities. However, the difference in security maturity is worlds apart.

The mentality of “it’s just a game” seems to hamper the idea that players’ and developers’ information and financial data are at risk. Therefore, escalates the need proper security straight away.

Our goal is to move the games industry towards the level of security maturity as the other industries such as the financial industry. We know that this is no easy task and that it will take time. Nonetheless, security must be fundamental to business operations, given the fact that games are very lucrative targets for hackers.

If security within the games industry continues down the path its going and refuses to keep up with modern trends, these attacks won’t stop. They will continue, grow, and increase in frequency and severity for years to come.

If you’d like to discuss cybersecurity, gaming or otherwise, don’t hesitate to get in touch!

Blockchain Security and Smart Contracts

robert — Thu, 19 Aug 2021 16:19:37 +0000

The world of technology, cryptocurrency, and security is always growing. We think it’s important, given its growth, for everyone to keep up to speed. Information is strength and knowledge is power. But with how quickly things grow and change, keeping up in the world of technology is difficult.

The Magic Media security team have worked with blockchain and smart contracts in the past. It’s something they’ve kept an eye on. On a security level, blockchain is secure by design. It is nigh impenetrable simply due to the nature of its composition.

However, blockchain is only as secure as what’s built onto it. The security of smart contracts and applications built on blockchain need to be considered. We’ve decided to tackle the topic of smart contracts and blockchain. We’ll try to break things down and make them more accessible to those outside these industries.

What is blockchain?

Blockchain is effectively a list of records. Usually transactions, it’s a digital ledger of interactions which are all recorded and kept on the ‘blockchain’.

Every interaction, every exchange, is given a ‘block’. And then any new interaction is connected to the previous – which validates and signs it in. This is where the strength of blockchain security lies. Each block or record is chained and verified from the previous one. Hence, ‘blockchain’.

Is it secure?

The strength of blockchain security is in the decentralized nature of its operation. It is not owned or operated by any individual or group. It is just out there. Without someone or a single group in control, there can’t really be any abuses of power.

That might sound dangerous but it’s remarkably safe. Because every interaction and transaction is verified across as many machines as possible, you can’t really cheat the system. Because there’s no one system to cheat.

It’s a whole group of machines checking and agreeing individually whether it is valid and true. These systems are automatically checking for legitimate codes and values.

In its operation, with these multiple systems checking every new entry, it’s a strong and secure system to operate within.

What are smart contracts?

Smart contracts are basically mini programs that are uploaded to the blockchain. They are small and specifically created for a set action. They are integrated onto the blockchain and execute their specific command based on whatever behaviour was coded in.

This can be for anything! Games and their in-game marketplaces or non-gaming services like financial transactions. Ethereum is one of the most popular blockchain platforms for game development. It is a decentralized platform that enables the creation of smart contracts and decentralized applications (dApps).

For clarity, when we talk about smart contracts, we are referring to the Ethereum blockchain. While most people outside the world of technology might have heard of Bitcoin, there are many other cryptocurrencies. In this case, we are talking about Ethereum, the second-largest cryptocurrency market. It is often referred to as ‘Ether’ or ‘ETH’.

The contracts usually operate as any normal transaction. However, when executed, they use the pre-set commands to begin its set of actions. The contract isn’t bound to just send money, it can be programmed to do almost anything. As we said above, this could be used inside a game for in-game transactions of items or could be a traditional transaction in Fintech for example.
And thanks to the decentralized nature of blockchain, it ensures these transactions are secure as long as the contract itself is.

How does Cybersecurity get involved here?

While blockchain is very secure by nature, it also means that things on the blockchain can’t be modified. Once something is on the blockchain, it is up there permanently. This is why we said that the blockchain is only as secure as what’s built onto it. If your contract is uploaded, it has to be bulletproof.

If not, it will be on the blockchain with its unique place and ‘block’. It will be accessible and if there is a weakness, it will no doubt be exploited.
This is why we recommend a full source code review before uploading. With our team, while verifying smart contract secure, white box testing is the only option. There must be a full check, from top to bottom, to ensure its security.

These programs are handwritten, and mistakes happen. But once it’s uploaded, that little mistake could prove fatal to your operations.

There is a frightening speed to the world of technology. Don’t let yourself get left behind and miss out on the potential of new and evolving ways of business operations. If you’d like to learn more about blockchain, get in touch with us and our Magic Media security team.