Home > Personal Technology > Browsers > Security flaw found in Steam

Security flaw found in Steam

A security flaw has been found in Steam's browser commands which could allow hackers to gain access to your computer through a back door.

Hackers could have a new means of accessing your computer through a browser command which utilizes Valve's software distribution system Steam. When your browser accesses a URL that begins with the command "steam://", it will prompt your copy of steam to launch and perform some operation. Usually, such an operation would be to launch a game, or install or uninstall software.

The Steam logo

Unfortunately, it seems this allows hackers a backdoor to install or run compromising software on your computer, including using exploits in games with the source- and unreal-engines. Some browsers, such as Chrome or Internet explorer will not access such a URL without first prompting you; however Safari, and Steam's own browser will run these URLs without question. Firefox lies somewhere in the middle. It will ask you to confirm, but will not alert you that there may be a risk involved (unsurprisingly perhaps, as the command is meant to be associated with steam).

No attacks in the real world have been reported so far, and the issue will probably be addressed shortly, but until then, remain vigilant of any links you click and try to avoid strange URLs. A full report on the security hole can be found here: http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf

David F.
A grad student in experimental physics, David is fascinated by science, space and technology. When not buried in lecture books, he enjoys movies, gaming and mountainbiking

Leave a Reply

Your email address will not be published.

Read previous post:
Corsair Neutron 240GB SSD Review

  Corsair is perhaps the most active manufacturer when it comes to SSDs, actively jumping at any opportunity to expand...