In total, CheckPoint researchers found 4 vulnerabilities, all of which allowed attackers to harm Steam and those using 3rd-party game servers.
As of September 2020, Valve’s Steam had over 95 million active users with a peak of over 21 million concurrent users. This makes Steam a lucrative target for cybercriminals, and any vulnerability can be disastrous for the online gaming platform and its users around the world.
Keeping that in mind, the IT security researchers at CheckPoint identified several critical vulnerabilities (CVE-2020-6016 through CVE-2020-6019) in Steam that would allow attackers to hack and take over hundreds of thousands of computers remotely.
The worst part is that attackers could do that without tricking users into clicking on a link or sending a phishing email to steal their Steam login credentials. Simply put, the user would be affected by merely logging onto the game.
Moreover, an attacker could not only remotely steal the victim’s personal data, including login credentials, but also disrupt the Valve game server, crash the opponent’s game client, and execute arbitrary code against 3rd-party game servers.
In their research, CheckPoint’s Eyal Itkin wrote that:
We found several vulnerabilities in the implementation of the Game Networking Sockets (GNS) library, which enables a variety of possible attacks. For example, when playing against an online opponent, an attacker can remotely crash the opponent’s game client to force a win; under some conditions, they can even perform a “nuclear rage quit” and crash the Valve game server, making sure that no one gets to play.
The good news is that Valve was quick to patch all vulnerabilities reported by CheckPoint. However, the researchers advise non-Valve game users to check whether their game client received an update after September 4th, 2020, as this is the date on which the library was patched by Valve.
Valve’s quick response protected its users from cybercriminals. However, in 2018, the company fixed a 10-year-old remote code execution vulnerability reported by security researcher Tom Court of Contextis. This means Valve users were open to cyber attacks for over 10 years.