
FSLabs intentionally installing DRM that can steal your passwords

Arika

Didn't put this in the News section since it's not an article, but still worth mentioning.

 

Flight Sim Labs, a fairly well known and trusted (until now) add-on developer for FSX and Prepar3d, has been caught installing, let's be honest, malware onto the computers of customers who have purchased the Airbus A320-X module. They claim that it is part of their DRM and that it will only be activated in the event that a stolen serial number is detected by the DRM server. Part of the malware (file name test.exe) contains a Chrome password dump tool that will send all saved passwords from Google Chrome straight back to FSLabs to do... basically whatever they like with them.

 

They only came forward after it was discovered by a few users on reddit.

This was posted on their forums as an official announcement

 

Quote

We were made aware there is a reddit thread started tonight regarding our latest installer and how a tool is included in it, that indiscriminately dumps Chrome passwords. That is not correct information - in fact, the reddit thread was posted by a person who is not our customer and has somehow obtained our installer without purchasing.

I'd like to shed some light on what is actually going on.

1) First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.

3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

This method has already successfully provided information that we're going to use in our ongoing legal battles against such criminals.

 

So while they claim "there are no tools used to reveal any sensitive information" they make the stipulation that it's only for people who legitimately purchased the modules. Regardless of whether the module was obtained legitimately or not, this tool is on the customer's computer; there is nothing to stop FSLabs flagging every serial number and obtaining all the passwords of their customers when the DRM server is contacted.

 

They have since updated the installer to remove test.exe and the associated malware but no one knows how long they have been using this kind of DRM. Either way, they have a heavily damaged reputation now in such a niche market.

 

Seems a bit over the top, and for them to justify stealing every single password stored in Chrome if you pirate their product could land them in very hot water legally.

 

Have we entered a new age of DRM that gives developers the right to steal passwords? Let's hope not.

Link to post

This is extremely worrying. The fact that it is linked to a chrome password collection tool would definitely get them in legal trouble. Thanks for the heads-up.

Link to post

Holy shit. That's insane. I've only ever played a small amount of FSX and never used any add-ons (third party or otherwise), but that's... I mean, that has to be actually criminal.

 

Someone should sue the goddamn fuck out of them. That is not okay. Not under any circumstance.

Link to post

Holy Hell..... That's evil...

 

 

And yeah I'd say this is news!!

Link to post

2 hours ago, Sierra Fox said:

Have we entered a new age of DRM that gives developers the right to steal passwords? Let's hope not.

Nope, just an age when some companies (mainly small guys like this) think they can justify doing whatever they want.

 

Link to post

2 hours ago, Sierra Fox said:

This method has already successfully provided information that we're going to use in our ongoing legal battles against such criminals.

"Yes, your Honour, we have proof that it was him that pirated the content to our DLC plane in FSX. We used malicious software to steal his passwords and access his Facebook and Twitter accounts to harvest his personal information in order to identify him, which we believe we are morally allowed to do since he didn't pay for our add-on."

I cannot see how they could ever possibly think that any part of their plan would be beneficial. Legal proceedings alone against sole pirates are pointless - costing more for the company than what, if anything, they can recover through the courts from the pirate. Even if they do manage to find the person and identify them, most of the pirates would be in different countries around the world with different legal systems and courts. It would be a pointless endeavour for them to attempt to launch legal action against them all. They would be better off spending their time promoting their product to drive sales rather than hunting down those who are pirating it and attempting to reclaim the cost through the courts.


The real crime being committed here is the mod costs USD $99.95. No wonder people are pirating it.



5a8a86046c29d_ripoff.jpg.14b7edab62d5b354f5a25664e11309bd.jpg

 

Link to post

3 minutes ago, mr moose said:

Check out their about us page:

http://www.flightsimlabs.com/index.php/about-us/

 

If they aren't dodgy then no one is.

What are you talking about? How can any company that has Jesus working for them be dodgy?

Paul-Michaelides.jpg.ed6dbb7bc57aa891953468218f80958c.jpg

Link to post

2 minutes ago, Spotty said:

What are you talking about? How can any company that has Jesus working for them be dodgy?

Paul-Michaelides.jpg.ed6dbb7bc57aa891953468218f80958c.jpg

 

 

Google image search "cult leaders" and prepare to see the many faces of Jesus.

Link to post

Holy crap. O.o

I pirate games sometimes, there, I said it. All pirates block all ".exe" files from accessing the internet (it's literally instructed on every single .nfo), so I don't see the point of this to catch a pirate, or at least they will only catch clueless pirates, not seasoned ones, and let alone the guys that did the hacking. Good luck with that lol

On the other hand, a legitimate customer will have that shit on their legit copy, and someone can use it to hack his computer; some malicious guy in FSLabs like a crazy ex or some shit can access it

Lastly, I've got to give them points for creativity. How the hell did they think this was ever a good idea or that they could get away with it without being found out? But still, twisted as it is, that is a way to catch someone, if it worked of course :D

Link to post

2 hours ago, Spotty said:

What are you talking about? How can any company that has Jesus working for them be dodgy?

Paul-Michaelides.jpg.ed6dbb7bc57aa891953468218f80958c.jpg

And led by leftist calamari. 

Link to post

Save ram, not chrome? 

Link to post

6 hours ago, Sierra Fox said:

So while they claim "there are no tools used to reveal any sensitive information" they make the stipulation that it's only for people who legitimately purchased the modules.

 

I thought they were going to try some positive reformulation, as many companies do when it comes to data collection, but no, they barely fell short of straight admitting to exactly what they were accused of, and just said "you have nothing to worry about if you've done nothing wrong"...

 

If this is their best, then we have to assume they do ship malware with their software.

 

6 hours ago, Sierra Fox said:

Regardless of whether the module was obtained legitimately or not, this tool is on the customer's computer; there is nothing to stop FSLabs flagging every serial number and obtaining all the passwords of their customers when the DRM server is contacted.

That is one important problem: admitting that you have malware, then saying it remains dormant until "carefully chosen conditions are met, trust us", is too much to ask.

The second problem is that it doesn't really matter whether it's restricted to pirates, redheads, mass murderers, or Arsenal supporters: it is a crime in itself, and arguably a far worse crime than someone pirating software has committed. I invite whoever came up with this brilliant idea to check what the law has in store for people spreading malware and stealing passwords (not to mention actually using the stolen information in any way, which one would presume is the whole point of stealing it).

It's the equivalent of having an automated shotgun at the exit of a store, then saying "don't worry, it only fires when a shoplifter is detected". I think there is a good reason why those sensors activate alarms, not shotguns. Someone needs to explain that to these guys...

 

And given how most of their statement is about how pirates are bad people, and how they detect the victim is a pirate in the first place, I'm inclined to think they really don't have any defense to put forward.

Link to post

4 minutes ago, SpaceGhostC2C said:

The second problem is that it doesn't really matter whether it's restricted to pirates, redheads, mass murderers, or Arsenal supporters: it is a crime in itself, and arguably a far worse crime than someone pirating software has committed. I invite whoever came up with this brilliant idea to check what the law has in store for people spreading malware and stealing passwords (not to mention actually using the stolen information in any way, which one would presume is the whole point of stealing it).

Not a legal expert here but agree with the above. Regardless of their justification, their actions may constitute crimes in the EU including computer misuse (attempting to access systems they do not have authorisation to do so), and data protection (obtaining, keeping, using personally identifying information without legal right to do so). That there may have been a copyright infringement before that does not give any waiver of those rights. I dunno if they could play the EULA game either to maybe get around that. Further, they will likely find it difficult to use illegally gathered evidence to support any action they further take. At best, this will be a PR disaster for them.

Link to post

I'm sorry but EVERYTHING about this company is sketchy. Right down to the occupations of the guys on that about me page... Their backgrounds together are ripe for finance and computer crime.

Link to post

From Reddit. Ars Technica should also be releasing an article soon; I'll update this post when it does:

Basically, they're distributing malware that will steal all your website logins if they think you're a pirate. This malware has apparently been used at least once based on the following statement. 

Spoiler

sEa37my.png


This is not only stupidly illegal; something similar was also attempted by the likes of Sony back in 2005, which lost the legal battle, horribly. Honestly, there are several dozen other ways to deal with pirates that aren't completely illegal, or can attack innocent people if mistaken.

Edited by PCGuy_5960
Threads merged

Link to post

EDIT: Added ArsTechnica and Motherboard links

 

This story now has an article from Rock Paper Shotgun, but the original post is on Reddit

 

 

https://www.rockpapershotgun.com/2018/02/19/flight-sim-group-put-malware-in-a-jet-and-called-it-drm/

 

Motherboard Vice: https://motherboard.vice.com/en_us/article/pamzqk/fs-labs-flight-simulator-password-malware-drm

Ars Technica: https://arstechnica.com/gaming/2018/02/flight-sim-devs-say-hidden-password-dump-tool-was-used-to-fight-pirates/

 


I personally own the said flight simulator aircraft and am absolutely appalled by FlightSimLabs' actions with this blatant spyware in their software. Whether it be for pirates or not, they are distributing malware to all their customers.

 

FlightSimLabs added a Chrome password dumper to their installer, and if someone used a known pirate key their information would be sent to the developers.

 

The CEO, Lefteris Kalamaras of FlightSimLabs himself stated:

Quote

 

If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us… That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

This method has already successfully provided information that we’re going to use in our ongoing legal battles against such criminals.

 

 

Source: https://forums.flightsimlabs.com/index.php?/announcement/10-a320-x-drm-clarification/

 

Edited by daned33
Added ArsTechnica and Motherboard links
Link to post

This is pretty much like all governments like

 

"we make nuclear weapons, but we will only use them if we think you deserve it"

 

The backdoor dumps your entire Chrome password database for fuck's sake. That's probably more illegal than piracy itself.

Link to post

Is this even a legit company making flight sims?

 

I just tried going to their site on mobile and almost immediately got an immediate redirect popup to super shady "you've won a prize!" ad, that wouldn't let me go back to their site.

Link to post

"Woops this patch partially messed up detection." Influx of xx% of users' passwords through unknown levels of security.

Link to post

2 minutes ago, Sniperfox47 said:

Is this even a legit company making flight sims?

 

I just tried going to their site on mobile and almost immediately got an immediate redirect popup to super shady "you've won a prize!" ad, that wouldn't let me go back to their site.

They don't make flight sims, they make assets for flight sims. Legit, yes.

Link to post

Just now, Sniperfox47 said:

Is this even a legit company making flight sims?

 

I just tried going to their site on mobile and almost immediately got an immediate redirect popup to super shady "you've won a prize!" ad, that wouldn't let me go back to their site.

It's a company that makes overpriced mods for FSX and scams 50 year olds with 99$ scenery packs made in Google Sketchup.

This topic is now closed to further replies.

