- A vulnerability was detected in Valve’s Steam portal which could allow attackers to take control of users’ systems.
- The researcher who uncovered the vulnerability was rewarded with $7500 by Valve.
Valve’s Steam is a digital distribution platform for games. A security researcher who goes by name Zemnmez uncovered a vulnerability in Steam portal. The bug could allow attackers to gain complete control over users’ PC.
The real name of the security researcher who uncovered the vulnerability is Thomas Shadwell. Shadwell was rewarded by Valve with $7500 for finding and reporting the bug.
Users' Personal Data at risk
“The best way to exploit the bug is to post a link to the gamer, which when clicked would launch an attack code and hand over the victim’s PC to the hacker,” Shadwell told Forbes.
Shadwell explained that there are chances for an attacker to have placed a malicious link in a public gamer group, where many users could have been tricked into clicking. Upon which the attacker could have gained control of a gamer’s PC and have stolen personal data and credit card information. The attacker could have then made the PC unusable with ransomware.
Shadwell reported that the vulnerability exists in the Steam Chat feature. “Many modern chat applications include ‘rich content,’ such as including a YouTube player with messages. The attack used flaws in the Steam Chat client’s protections around this content to access otherwise restricted functionality that Steam uses internally to open files on the user’s computer,” Shadwell explained.