Howdy there!
I’m not a hacker or anything but I’m in Las Vegas, Nevada/USA for the Defcon Hacking Convention to hopefully learn how to defend against the black hats and other horrible ***holes that think ruining someone’s lives will do.
Come to find out one of the presentations was about hacking game engines, servers and games made with the mentioned engines. I’m not able to provide all of the info yet because I have to sort through notes and talk to the presenter (I’ll share contact I do for him too if need be) but he just showed how Cryengine 3 and any game developed with that engine can be exploited using LUA bugs, horrible or no sandboxing ability and activated using OS.exe. What that ends up allowing you to do is control the ENTIRR computer down to the OS registry and further (memory access, etc) and gives the hacker access to the attached network and all attached devices. Example of what could be done was he used those methods to gain access to a live webcam sertup in the room and able to record it and shut down engine hosted servers.
I’m not sure if Unreal Engine 4 has these issues but I’ll definitely send over any info I have if requested because On sure you would want to know as much as possible to prevent the same errors others had made. It’s our job as game developers to create a safe and fun environment and that starts with the Engine if there are those kinds of security issues.
