Ubisoft’s Uplay DRM Appears To Be Exploited, Works Like A Rootkit

Ubisoft’s Uplay DRM (Digital Rights Management) system appears to have been hacked open, and – interestingly – the service appears to contain some kind of remote launching tool.

The news is currently flying around the internet, along with proofs of concept that – in one case – shows how a website can open up the Uplay client on your computer, and potentially other software within the security limits of the browser used.


“Ubisoft installs a backdoor that allows any website to take over your computer,” claims the report. “The Sony BMG rootkit was also DRM and required product recall when it was discovered.”

There are a lot of Uplay-required games out there from Ubisoft, including the aforementioned adventure series, Driver San Francisco, Just Dance 3 and Ghost Recon: Future Soldier.

Naturally this doesn’t affect console games, and appears to (at least from a brief look) need Internet Explorer and Windows, but it does appear to be gaining attention rapidly.

Plug-ins can be disabled from within your browser.

Source: SECLists, Via Geek and NeoGAF.



  1. As if PC gamers weren’t pissed off enough at the always online DRM Ubisoft implements!

  2. Oh dear.

    I still vividly remember the controversy Ubisoft suffered from it’s stubborn use of StarForce DRM many years ago, and I remember how dog aweful it made my PC run and I remember subsequently boycotting any game that imployed its use.

    If proven, these new allegation could cause Ubisoft A LOT of trouble.

    • *imployed? Must be my new word for employed/implemented :)

  3. Oh Ubisoft, naughty… <.<

  4. This is why I’m only buying games from Ubisoft on console, and they wonder why they have low sales on the PC.

    Includes obnoxious DRM->Has low sales->Blames piracy

  5. Oh balls, Swiftly Uninstaled, Goodbye Anno 2070 :(

  6. Ubisoft you silly bugger

  7. Just as well there are currently no Ubi published games that I’m at all interested in on PC! :)

Comments are now closed for this post.