Advertisement

Easy Anti-Cheat washes its hands of the Apex Legends hacking disaster that saw streamer accounts hijacked live: 'There is no RCE vulnerability within EAC'

 Apex legends arsenal.
Apex legends arsenal.

The day after the North American finals of the Apex Legends Global Series was postponed because of a mid-match hack against two players, Easy Anti-Cheat has issued a statement saying "there is no RCE vulnerability" in its software that was exploited to carry out the attack.

The first hack, against Noyan "Genburten" Ozkose of DarkZero, took place during the third match of the day: He was suddenly able to see every other player on the map, even through walls, and was ultimately forced to drop out of the match, although his teammates managed to claim second place even though they were a man down. The second hack occurred in the next match: Phillip "ImperialHal" Dosen of TSM suddenly found himself saddled with an aimbot. That match was ultimately abandoned, and the North American finals were postponed "due to the competitive integrity of this series being compromised."

Shortly afterward, the Anti-Cheat Police Department, a volunteer group that specializes in "gathering intelligence on cheats to detect and disrupt cheating vendors," issued a statement saying that an RCE (remote code execution) was being abused in the game, and that it was unclear "whether it comes from the game or the actual anti-cheat (software)."

Remote code execution exploits enable attackers to run software on remote machines, and they are bad news: An RCE was responsible for the suspension of PC PvP servers for Dark Souls games in 2022. A similar vulnerability was discovered in GTA Online in 2023.

In this case, as Anti-Cheat PD put it, "the RCE is being abused to inject cheats into streamers machines, which means they have the capabilities to do whatever, like installing ransomware software locking up your entire PC."

How this attack happened still isn't known, but earlier today Easy Anti-Cheat issued a statement disavowing responsibility. "We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat," it tweeted. "At this time—we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed."

We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed
We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed

(Image credit: Easy Anti-Cheat (Twitter))

Making the statement even more notable is the fact that it's the first time Easy Anti-Cheat has tweeted since May 2019. Clearly the company considers it an important issue, and for good reason: Rooting out where the vulnerability lies—in Easy Anti-Cheat or Apex Legends itself—is hugely important, as it could determine whether this RCE is contained to one game or potentially deployable in other games that use EAC, such as Fortnite, War Thunder, Lost Ark, Elden Ring, and Hunt: Showdown, to name a few.

Epic Online Services later confirmed the statement in a separate tweet. (Epic Games acquired Easy Anti-Cheat in 2018.)

We have investigated recent reports of a potential RCE issue in Apex Legends, which we have confirmed to be unrelated to Easy Anti-Cheat. We are confident THERE IS NO RCE vulnerability within EAC being exploited.
We have investigated recent reports of a potential RCE issue in Apex Legends, which we have confirmed to be unrelated to Easy Anti-Cheat. We are confident THERE IS NO RCE vulnerability within EAC being exploited.

(Image credit: Epic Games (Twitter))

Reacting to EAC's tweet, Anti-Cheat PD said it indicates the issue lies within the Source engine itself, which Apex Legends uses, and that it could be similar to a vulnerability detailed in 2021.

Respawn has yet to comment on the hack, so the big questions—how did this happen, and what's the risk of playing Apex Legends?—remain unanswered. There's also no indication at this point when the North American finals of the ALGS will resume, but it's fair to assume that it's not going to happen until Respawn is confident the game is secured. I've reached out to EA for comment and will update if I receive a reply.