Games have been with humanity for a long time, most likely long before fire and the wheel became part of our lives. The first games were probably similar to tag or wrestling, before we became toolmakers and moved on to sticks, balls, and other objects. Over time, games became more complex to feed our advancing intellect, and play with cards evolved to things like billiards, polo, and other genres.
Unfortunately, humans always look for ways to tilt the playing field in their direction. It’s probably something built into us, as “cheating” during hunting allowed us to take down bigger, more dangerous prey by making use of things those prey wouldn’t be able to answer to, like traps, tools, and weapons. Cheating probably started right when games themselves first developed, and evolved in sophistication alongside the games themselves. Balls, bats and other implements could be altered, cards could be marked, tables could be tilted, all to gain advantages.
As we entered the Information Age, we immediately jumped on the ability of computers to perform advanced calculations, and used them to make all kinds of games for us to enjoy. From cards to shooters, the world entered a new age of entertainment. Cheaters also saw opportunities, and the unique conditions during play allowed for many kinds of attack.
Security vulnerabilities in games don’t just result in gameplay degradation, however. A Remote Code Execution (RCE) issue can result in information disclosure, access to secure systems, injection of malware (including ransomware), and more. In addition, an attack on a game can lead to loss of consumer confidence in your systems and procedures.
Sadly, many companies don’t take security for games seriously, and security research is often done by black-hat groups, as most security organizations don’t seem to recognize the threat, or have bigger fish to fry.
We at VidyaSEC aim to fill the gap of scope by providing individuals and organizations with timely notifications of vulnerabilities on their gaming systems and applications. We also look to provide other security professionals a way to centralize and disseminate their own notifications, by acting as a vulnerability database, and as acting as a middleman for those worried about retaliation. We also aim to provide resources and training to those looking to get into the field, or who merely want to better understand threats and mitigations.
While VidyaSEC is currently small, we look forward to the future.
VidyaSEC 