Minecraft exploit makes it “easy” for hackers to crash servers

A security researcher has posted a Minecraft flaw that makes it “easy” for hackers to crash the game’s servers, reports Ars Technica.

Developer Anmar Askar first noticed the exploit two years ago and notified the game’s creator, Mojang, but after being “ignored” and given several “highly unsatisfactory responses” he has now published the details on his blog.

According to ZD Net, the exploit concerns how the Minecraft sever decompresses and parses data, which, when taken advantage of, can cause a processor load that would exhaust the server’s memory. A fix for the flaw “isn’t exactly that hard,” according to Askar, but the company has failed to address the issue in a series of patches.

“I don’t want to expose thousands of servers to a major vulnerability, yet on the other hand Mojang has failed to act upon it,” he wrote. “Mojang is no longer a small indie company making a little indie game, their software is used by thousands of servers, hundreds of thousands people play on servers running their software at any given time.”

The Register notes that Mojang attempted and failed to patch the flaw after Askar’s blog was published, leaving the game’s server’s still vulnerable.

Minecraft was the victim of an attack earlier this year, after 1,800 logins were leaked online in plain text format. It is thought that the data breach could be used to target gamers with phishing attacks that would put their account details at risk.

Microsoft, who purchased Minecraft last year for $2.5 billion, has not yet responded to the latest exploit.

by Kyle Ellison, ESET

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s