CS:GO: bug allows PC invasion from Steam invitations


CS:GO: A digital security researcher has discovered a flaw that allows hackers to break into computers from invitations to play Counter-Strike: Global Offensive. The bug is present in the game’s engine and can cause cybercriminals to take complete control of the victim’s PC.

The revelation was made on Tuesday (13) by the Vice website. According to the article, the discovery was made by the hacker who identifies himself as “Florian”. The information security student, according to his Twitter profile, showed that the problem is present specifically in the Source graphic engine.

The bug was corrected in other games that use the tool, but is still present in CS: GO. Valve, which developed the engine also used in Team Fortress 2, Apex Legends, Dota 2 and others, was alerted to the issue in June 2019.

The announcement to the company was sent by Florian through HackerOne, a vulnerability coordination platform that offers rewards for discovering bugs. In the topic where the breach is addressed, Valve came to recognize that the failure was “critical”.

Despite this, there was no answer. “I’m honestly disappointed because they ignored me most of the time,” said the hacker.

Security issue

Florian showed in a video, which was published on YouTube last Saturday (10), a little bit of how the bug works in CS: GO. The expert coded an exploit to take advantage of the problem and explained that the system works 80% of the time.

He and other hackers who have looked into the matter also said that by infecting a machine, it can be used to infect other computers.

Carl Schou, founder of a group of researchers called the Secret Club, said on Twitter that he found other vulnerabilities, but that Valve didn’t care much about the problem. “They don’t really care about the security and integrity of their games,” said Schou.

Valve did not comment on the matter and a company representative declined to comment on the issue for the Vice website.

So, have you heard of this security breach? Were you worried? Leave your opinion in the comments section below!