PSA: CSGO Fans Beware, Unfixed Steam Invite Hack Could Take Over Your PC.
While Bugs aren’t uncommon in games, it’s only every so often that bug is so detrimental to the platform that It might scare off users from the game. In this case, as the CSGO Steam invite hack could cause crippling issues for users globally, it’s no wonder that concerned eyebrows have been raised.
Valve’s Source Engine has been around for a long time, from Team Fortress 2 to Half Life 2, dozens of games under the Source Engine umbrella are played by gamers from around the world, and one researcher has discovered a exploit in the engine that could become detrimental to anyone who’s playing.
Found in 2019, Ruhr-Universität Bochum Infosec student Florian discovered the bug, and posted it onto HackerOne, the bug hunting website in which Valve will pay bounties for bugs caught by regular users.
After being verified by moderators, Florian heard little about the bug, and according to his Twitter thread about the issue, he didn’t receive his bounty until 6 months ago. He lamented that even though valve seemingly fixed the issue in their source titles, CSGO still remains the one game where this exploit is still achievable. “I think it’s reasonable to say that Valve had plenty of time to fix this issue.”
The Implications of the CSGO Steam Invite Hack
While it may be fixed in other titles, the one title that matters is CSGO, being a popular and ongoing esport this puts players in danger if they ever decide to click an invite from a player they aren’t friends with. Given the fact that the exploit gives the hacker control of the victims machine, not only will the personal data of the player be ripe for the taking, but the hacker can then impersonate the victim to spread the exploit to other computers like a worm, forcing their way through multiple PCs and infecting anyone who falls for the trick that the last player fell for.
Florian has mentioned that despite finding the exploit years ago, Valve has yet to give Florian an actual response in whether or not they’ve fixed this exploit.
However, this is not the first time that such an exploit has been swept under the rug, as another security researcher Bien Pham showcases a similar bug on Twitter, in which the player connects to a malicious server which implements a similar exploit that doesn’t trigger until the victim restarts the game.
Despite being reached out to by many people reporting on this issue, Valve has yet to respond to any of them, many hope that Valve will finally say something if the situation is made public enough by the community. For now, be careful to stay away from suspicious invites to CSGO.