Cybersecurity and Gaming

WatchDogs 2, Source: http://static.gosunoob.com/img/1/2016/11/watch-dogs-2-coop-multiplayer.jpg Starcraft 2, Clash of Clans, XCOM 2, WatchDogs 2, and Outlast 2. These are but some of the many games widely played across the world, some of which have even been featured as e-Sports. With their increasingly immersive gameplay, a well designed “Video Game” can keep players occupied for hours and generate millions of revenue from

Cheng Lai KiBy: Cheng Lai Ki, Feb 21, 2018
TwitterFacebookLinkedIn

WatchDogs 2, Source: http://static.gosunoob.com/img/1/2016/11/watch-dogs-2-coop-multiplayer.jpg

Starcraft 2Clash of ClansXCOM 2WatchDogs 2and Outlast 2. These are but some of the many games widely played across the world, some of which have even been featured as e-Sports. With their increasingly immersive gameplay, a well designed “Video Game” can keep players occupied for hours and generate millions of revenue from in-game purchases — that of which I am sure players love so much. However, it is not all just fun and games. As games become more advanced, they increasingly leverage on society’s expanding connection to the Internet-of-Things. Whilst a nonetheless a positive element, these developments don’t lessen the cybersecurity risks associated to gaming in general.

 

First, Let’s Talk Shop.

When talking about “Video Games”, it is important for readers to know just how gargantuan and diverse the industry actually is. A good place to obtain an initial visualisation of the sheer diversity of the gaming industry is to log into the digital game management and distribution platform known as Steam. Developed by the Valve corporation, Steam allows users to download, manage and track playable games across different platforms ranging from consoles to computers.

In operational contexts, games are becoming increasingly immersive as computers and other devices are able to support powerful graphics cards and processing units. This means that developers can incorporate advanced visuals from motion capturing professional actors, or create highly detailed and procedurally generated environments. Better in-built processors being more prevalent in consumer technologies means that developers can introduce, at least for the console and computer platforms, more advanced (and adaptive) in-game experiences empowered by sophisticated machine learning programs.

In business contexts, the amount of revenue generated from “Video Game” segments, in South Korea alone, surmounted to US$2,187 million in 2017, according to Statista.com. With an expected to annual growth rate of 5.3%, generated revenue is predicted to hit US$2,829 million by 2022. This is just a general prediction and we haven’t even begun to dig deeper into the revenue generated under specific platforms or developers in larger countries like the United States or China.

 

Ok, Now the Trends!

With the abundance of new tech, the gaming industry is advancing its products and user-experiences. While it would be incongruous to outline allrelevant trends in the entire gaming industry, we can highlight two key ones.

First, is increased inter-platform connectivity. Leveraging off the increasing number of devices connected to IoT, some MMORPG (Massive Multiplayer Role Playing Games) allow players to interact with the game on multiple devices. In Ubisoft’s most recent title, Tom Clancy’s: The Division, the developers originally proposed a ‘companion app’ which allows players to join an existing game remotely on their tablet or smart-phone, operating as an in-game UAV to support their friends. Although the idea was later scrappedbecause developers felt it created an imbalance to gameplay, it does show how conventional gaming is seeking to become more mobile. Whilst cross-platform compatibility is more of a digital step, a physical one is the development of Nintendo Switch. A unique platform where Nintendo gamers can quite literally grab and go anywhere with their favourite Nintendo titles.

Second, is the increasing mainstream adoption of Virtual Reality (VR) and Augmented Reality (AR) by game developers. For example, in the 7th title of the Resident Evil series, Biohazard, developers released a VR version of the game that provided players an immersive horror experience. Within the realm of AR, the greatest trend was Pokemon Go!, which made quite the media headline as it drew thousands into the streets across the world. In other aspects, new facilities in London (The Void) have emerged that allow players to game in a hybridized digital-physical environment.

From small ticket game apps on smart-phones, fast paced MMORPGs, and immersive AR experiences; the sector is the gaming sector is a billion (if not trillion) dollar industry that is continuously expanding alongside emerging technologies revolutionizing modern society. However, as long as there are positives there must be negatives. So what are the cybersecurity risks in gaming?

 

Where’s The Cybersecurity?

For a moment, let’s ignore the awesome loot and take a real hard look at the games themselves. Games at their very core, are just compendiums of different interactive programs working simultaneously alongside existing network architectures to provide an immersive experience. Let us explore some cybersecurity risks associated to mobile gaming and multiplayer environments.

Inherent Flaws in Mobile Gaming

Earlier mentioned, gaming is available across multiple technologies and platforms. The most common of which is mobile-gaming on our smart-phones and tablets, which is in itself a huge industry. According to a Business Insiderarticle in 2016, mobile gaming is set to surpass all other forms of gaming. Given its obvious feature of portability, adaptability and convenience, we are seeing a huge increase in mobile games hitting the mainstream market — just browse around your Apple App Store. However, Mobile Games are still mobile apps and therefore will possess similar vulnerabilities as other mobile apps. For example in 2012, a vulnerability in Apple’s in-App purchase systemallowed hackers to manipulate their payment system. Over 115 games were affected and Apple lost an estimated revenue between US$8.3 — US$8.4 million. While in this instance, the criminals only decided to bypass an in-game payment system, in more extreme scenarios, they could have decided to implement malware to support information theft operations. Regardless, mobile platforms are filled with their own inherent cybersecurity flawsoutside of gaming. Most of which can easily be exploited to support the cyber attacks on mobile platforms.

Multiplayer Hunting Grounds

Not all games are single-player, and most either offer the option for multiplayer or are build directly upon the concept. This is especially true for many Open World MMORPGs, where players are actually interacting with other real players in real time. To hackers online gaming environments have been historical hunting grounds for over the past 20 years.

Some classics like World of Warcraft, both of which possess their fair share of criminal cases revolving around digital theft. A concept which was even used as a plotline in CBS’s Big Bang Theory, ‘The Zarnecki Incursion’, where the main character Sheldon becomes a victim of cyber theft. As more games continue along the Open-World trend, malicious attackers can quite literally stalk real players and target those with weaker internet security protocols to gain access into their home networks. Contextualizing this into broader criminal activities, criminal organisations could be using MMORPG environments as means of operational support. For example, extremists from the Islamic State and the Levant (ISIL) were discovered to be using an in-game chatroom as a communication platform.

Fun and Safe

The sheer size and diversity of the entire gaming industry is a treasure trove of business opportunities for the cybersecurity sector. For larger cybersecurity enterprises, they can easily provide comprehensive security services into a broad spectrum of games and development procedures. In addition, is it probably quite likely, given the relative technical nature of the industry, that most large game-developers might possess their own in-house C-SERT (Cybersecurity Emergency Response Teams). However, the same cannot be necessarily said of Small and Medium Sized Enterprises (SMEs) that are joining the gaming sector as developers. Like conventional SMEs, they probably lack the similar scale of equity or capabilities to develop the security protocols to partner alongside their products. This rings especially true for independent game companies, or known as Indie-Games in common nomenclature, who usually possess a small development team and focus on creating fun but horribly addictive games.

Video games have long development cycles. While services like Steam provide in-built security, mobile and Indie developers are still exposed to conventional cybersecurity threats plaguing the sector. It is really not all just fun and games. The world is increasingly filled with advanced technologies that can directly support the development of new immersive experiences. For some, these experiences are quite literally a second life for them. However, criminals will exploit these developments for their own agenda. If developers do not possess the equity or capabilities to cultivate their own security solutions, they can always outsource it to the broader cybersecurity community. It is through this partnership that newer games are both fun and secure for their everyone’s enjoyment.

Cheng Lai Ki
By: Cheng Lai Ki, Feb 21, 2018

Cheng Lai Ki is a Cyber Operations Consultant in Horangi’s headquarters in Singapore. Equipped with advanced degrees in Criminology, Intelligence, and International Security, he brings with him over eight continuous years working and researching in the security field. He was a former military officer from the armed forces, where he was an instructor specializing in strategy and operational tactics. Professionally and academically published within the field of cyber security in Europe and Asia, Cheng Lai Ki brings a unique cross-industry and interdisciplinary perspective towards cyber security. He is actively involved in Horangi’s intelligence, security management and incident response operations with clients in the APAC region.

TwitterFacebookLinkedIn