Report: Bandai Namco was Aware of Dark Souls Security Exploit for Years
According to a VGC report, the exploit that's been affecting the PC version of Dark Souls I, II, and III has been around for years.
wccftech.com
Remember that Dark Souls exploit that caused a lot of trouble for PC users? Well, it turns out that Bandai Namco might have been aware of this issue for quite some time. According to a new report from VGC, multiple individuals have discovered the exploit as early as 2019. This means that Bandai Namco might've been aware of the issue for a long time... So, a repeat of the GOG Galaxy situation.
First off, an update on the current situation surrounding the PC versions of Dark Souls, Dark Souls II, and Dark Souls III. As of the writing of this article, Dark Souls' PC servers have remained offline to fix the exploit. For those in need of a refresher, this exploit allows players to introduce malicious code into the user's PC through the game's Invaders feature.
One of the people behind the discovery of the vulnerability told VGC that they had made Bandai Namco aware of the issue over a month earlier. As is common of cybersecurity incidents of this caliber, neither the publisher nor developer FromSoft acted upon the warning until it was made public.
Turns out it may also affect consoles, unlike what was previously thought:
Alarmingly, LukeYui also claimed that while they can't go into specifics as to avoid giving away the exploit details, the latest RCE could be used against console players without the attacker needing a jailbroken console.
Concerning Elden Ring and anti-cheats:
Of course, we wouldn't be talking about this issue without explaining how it's going to affect the hotly anticipated title Elden Ring. LukeYui explained that Elden Ring will have the exact same problem.
I've had the chance to see code from the closed network test and can already tell you that there are a lot of crashes and vulnerabilities in Elden Ring's netcode, the exact same ones as in Dark Souls III actually! So, I suspect it's going to take five minutes for cheaters from Dark Souls III to port their scripts to Elden Ring and make release day a hellscape.
Now, some users might bring up the fact that the Elden Ring EULA talks about using Easy Anti-Cheat. LukeYui gave some insight on this matter, citing that while EAC will stop inexperienced cheaters, it won't stop people who have experience developing cheat tools. Additionally, should the player have some form of anti-cheat solution provided by the community, they risk getting their account banned by Bandai Namco themselves.
Why is that? Well, it turns out that Bandai Namco heavily discourages using protection mods for their games.
(More at the link)
-----
For further context, here is the previous thread on the topic which was largely about Dark Souls 3:
Major Dark Souls 3 PC security exploit found (UP: may affect ALL Dark Souls games on PC + possibly Elden Ring) [Update: Fan Patch Up]
Apparently playing online can cause other players to insert scripts into your game. Reddit link with info Maybe it could impact Elden Ring? Now I'm not sure about playing it on PC.....
www.resetera.com
To summarize: the exploit was discovered years ago and Bamco was tipped off, but did nothing. Then recently someone blew the whistle, forcing Bamco to shut down servers on all Dark Souls games on PC. Console versions were seemingly unaffected, but now it turns out that they might still be...! And worse, Elden Ring, which has gone gold and comes out in 3 weeks as of this writing, may have the same problem too. The difference is probably that on console, another player can't brick your console the way they could your PC, but still.
This is pretty bad. Unless there's clear news from Bamco about patches (for console versions too) on all Dark Souls games and a day 1 patch for Elden Ring about this, I'm gonna have to play the game offline... And while the articles mention it's the invasion system that's to blame, I suspect the coop system could still have this exploit, or in other words, I don't trust the online at all outside of messages and bloodstains anymore. :(
Bamco (and possibly FromSoftware) ignoring the problem and sweeping it under the rug is really inexcusable, though. What the fuck.