A dangerous vulnerability recently found in the popular Dark Souls 3 videogame is feared to have left gamers at risk. The bug only applied to the game’s PC version, meaning users who play Dark Souls 3 on Xbox and PlayStation weren’t affected.
Reportedly, the same vulnerability was also found in earlier games in the Dark Souls series, which led to the game’s developers – FromSoftware – temporarily deactivating its PvP servers. In a subsequent update, the developers said that the PvP servers would not be reinstated until proper testing had taken place. This would also be after the release of the upcoming and highly anticipated Elden Ring game.
Why was this vulnerability such a problem?
The remote code execution (RCE) vulnerability found here allowed attackers to remotely execute code and almost any program on victims’ computer systems. In turn, this could then lead to them stealing confidential data stored on the computer itself – not just that associated with the game or a gaming platform – or installing malware on the system.
Is this vulnerability likely to be exploited?
At the time of writing, the game’s developers had yet to release full details of the vulnerability. In fact, the only public updates at all are the two tweets we’ve linked to above.
It’s worth noting that the vulnerability only came to light in the first place because it was highlighted on a Twitch stream. The person in question hacked a popular streamer while they were playing Dark Souls 3. They apparently chose this course of action because they’d been trying to draw the vulnerability to the attention of the game’s developers, but to no avail. As such, it’s unknown whether anyone who wanted to cause any real harm to gamers was aware of the vulnerability before the Dark Souls PvP servers were taken offline.
However, the person who created and demonstrated the exploit had already shared information about the vulnerability with the developers of a popular plug-in that many gamers use to counteract cheats. It’s unknown whether that communication or information could have gotten into the wrong hands. It’s also possible that hackers have seen footage of the demonstrated attack and will try and perform it themselves to cause harm to players.
Hackers with sinister intentions could steal data from computer systems, gaming accounts, logins for cryptocurrency wallets, install ransomware, or do pretty much whatever they wanted, having gained access to a system.
There have been no public reports of such scenarios happening to date, but the risk is definitely there.
What can you do to protect yourself?
In terms of this specific situation, the Dark Souls PvP servers remain out of action, so you shouldn’t be at risk once they’re reinstated.
Longer-term, check your anti-virus software if you’re a PC gamer. It is common for gamers to switch off their anti-virus tools or minimise their activity when gaming to ensure that most of their system resources are powering the game. However, this is fraught with danger. So instead, search out anti-virus software with a “Gaming Mode” feature or that is specifically designed to protect you while you play while not disrupting your gameplay or taking up too much of your system’s memory and processing power.