In a significant move to address growing cybersecurity concerns, the popular gaming franchise, Call of Duty, has temporarily taken its PC games offline. This decision follows multiple reports of remote code execution (RCE) attacks that have left players vulnerable to hackers. The developers have acknowledged the situation, stating they are currently investigating an unspecified “issue.”
Players have taken to social media to share alarming videos showcasing their computers being compromised during gameplay. One notable incident involved a user whose game froze as a Windows command file executed in the background, accompanied by a message from the hacker taunting the player. Other reports indicate that some users experienced unexpected shutdowns or found their desktop backgrounds altered to inappropriate images.
Understanding the Vulnerabilities
The root of the problem appears to lie in the transition from dedicated servers to peer-to-peer networking, a common practice as older games age. As game developers phase out dedicated server support, players are left to host their own connections, inadvertently opening the door to malicious attacks. According to cybersecurity firm MalwareBytes, this shift has made older titles, including Call of Duty, particularly susceptible to exploitation.
Pieter Arntz, a researcher at MalwareBytes, noted that the hacking of older Call of Duty games has become an “open-air secret” within the community, prompting many players to steer clear of these titles on platforms like Steam. The franchise has a long-standing reputation for being plagued by hackers and cheaters who exploit software vulnerabilities for unfair advantages, such as automatic aiming, or simply to disrupt the gaming experience for others.
This is not the first instance of such vulnerabilities being exploited within the Call of Duty series. Six years ago, researchers identified critical vulnerabilities that allowed for remote code execution through the Steam platform, highlighting a persistent issue within the franchise’s extensive codebase.
As of now, the official Call of Duty X account has not provided updates regarding the status of the games or the ongoing investigation. The franchise’s main account did announce a brief maintenance period for Call of Duty: World War 2 and nine other titles on July 2, but further details remain scarce. Attempts to reach out to EA/Activision’s press office for confirmation regarding the game’s offline status due to these exploits have gone unanswered.
