Steam Browser Protocol Vulnerability can allow hackers to hijack a PC
Steam is an online platform developed by the Valve Corporation for the online distribution of games and multimedia. It also supports communication with all types of distributors, irrespective of the size of their enterprise. It can also be used to distribute non-gaming software, a capability that was introduced earlier this month. It was initially designed for Windows, but was later made compatible with Mac OS X, Linux, iOS, and PlayStation 3 as well. Users of Steam have access to full installation and customization features, chat functionality and an application programming interface, Steamworks, which gives developers the opportunity to add Steam-specific features to their software. As of now, more than 50 million user accounts are active on Steam and more than 1500 games are accessible, and it holds a major share of the game distribution arena.
Many demonstrations have been made of steam:// URLs being used to exploit vulnerabilities in Steam games and clients. For instance, the “retailinstall” command can be used to execute malicious code by means of a malformed splash image file. Attackers also use .bat files to gain control: steam:// URLs automatically execute commands in Valve’s Source game engine, which executes the files in the startup directory. Moreover, other gaming engines such as Unreal are also popular targets of attackers, who use rogue steam:// URLs to make them load malicious files. A user can protect their PC by disabling execution of steam:// URLs manually or by using a browser that is incapable of executing such URLs on its own. Since non-gaming software has now also been made available on Steam, the risk is higher and users must be cautious.
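Page content or proxy captures can be checked for steam:// links before a browser hands them to the Steam client. The sketch below is an added example, not part of the original article: the function name, the sample page and the `examplecommand` placeholder are constructed, and only `retailinstall` is taken from the text above.

```python
import html
import re
from urllib.parse import unquote

# Commands the article names as abused; extend this set from your own intel.
HIGH_RISK_COMMANDS = {"retailinstall"}

# URL schemes are case-insensitive, so STEAM:// must match as well.
STEAM_URL_RE = re.compile(r"\bsteam://[^\s\"'<>]+", re.IGNORECASE)


def find_steam_urls(page_source):
    """Return one finding per steam:// URL found in HTML or log text."""
    # Undo HTML entity encoding first, so "steam&#58;//" is not missed.
    text = html.unescape(page_source)
    findings = []
    for match in STEAM_URL_RE.finditer(text):
        url = match.group(0)
        # In steam://command/args the command sits where a host normally
        # would, so split by hand rather than relying on a URL parser.
        rest = url[len("steam://"):]
        raw_command, _, raw_args = rest.partition("/")
        command = unquote(raw_command).lower()  # normalise %xx and case
        findings.append({
            "url": url,
            "command": command,
            "args": unquote(raw_args),
            "severity": "high" if command in HIGH_RISK_COMMANDS else "review",
        })
    return findings


# Constructed sample input; not taken from any real page.
SAMPLE_PAGE = '''
<a href="STEAM://ExampleCommand/123">play</a>
<iframe src="steam&#58;//%72etailinstall/placeholder/path"></iframe>
<p>plain text mentioning http://example.com/steam</p>
'''

if __name__ == "__main__":
    for finding in find_steam_urls(SAMPLE_PAGE):
        print(finding["severity"], finding["command"], finding["url"])
```

Every steam:// URL is reported, with "review" as the default severity, because a link that launches a local client from web content deserves a look even when its command is not on the high-risk list.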