Summarize

Simplifying... Inshort

A hacker named Vizor exploited a flaw in Activision's anti-cheat system, Ricochet, to unfairly ban thousands of Call of Duty players.
He manipulated the system by using its own 'signatures' against it, triggering bans by sending messages containing these signatures to other players.
Despite updates, Activision has yet to address this issue, which an insider source criticized as a major security oversight.

Was a long read? Making it simpler...

Next Article

Vizor abused a flaw in Activision's anti-cheat system

Hacker reveals how he banned thousands of CoD gamers

By Akash Pandey

Nov 08, 2024

09:48 am

What's the story

A hacker, who goes by the name Vizor, has taken responsibility for exploiting a flaw in Activision's anti-cheat system. The exploit resulted in the unwarranted banning of "thousands upon thousands" of Call of Duty players. The revelation goes against Activision's earlier claim in October that only a "small number" of legitimate player accounts were impacted by a bug in its anti-cheat system. Vizor revealed the information during an interview with TechCrunch.

Exploit details

Perspective on the exploit

Vizor disclosed he could have continued exploiting the flaw for years without being caught, provided he didn't target any high-profile players. The hacker enjoyed manipulating the system, saying it was "funny to abuse the exploit." TechCrunch was introduced to Vizor by Zebleer, a cheat developer who knows Call of Duty's hacking scene. Zebleer confirmed he knew about Vizor's activity for months.

System manipulation

Exploiting Activision's Ricochet anti-cheat system

Vizor found a unique way to bypass Activision's Ricochet anti-cheat system, which was introduced in 2021. The hacker discovered that Ricochet used certain hardcoded text strings as "signatures" to identify hackers. For instance, Vizor mentioned that one of the strings was "Trigger Bot," a type of cheat that automatically fires a cheater's weapon when their crosshair aligns with a target. By sending a private message (whisper) with one of these signatures to another player, Vizor could trigger an unwarranted ban.

Company reaction

Activision's response and insider perspective

Vizor employed the trick repeatedly over months, even as Activision updated anti-cheat with new signatures. The company has yet to respond to Vizor's claims. However, an anonymous source familiar with Activision's security operations confirmed to TechCrunch that Vizor's method could have been used against Ricochet. The source criticized Activision for banning players based on a memory scan of 'trigger bot,' calling it "incredibly stupid" and suggesting the company should have better protected its signatures.