📜 ⬆️ ⬇️

How to hack Second Life via QuickTime

Security Specialist Charlie Miller (Charlie Miller) told how in 2007 he managed to hack the Second Life game and create a virtual object that robs passersby. This object could be placed anywhere - in the forest, in a bar, in the middle of a busy street, or hung in the air.

The vulnerability is due to the fact that Second Life uses QuickTime Player to display multimedia. For him there are known holes, some of which have not yet been closed. One of these holes and used by Charlie Miller, who made a small pink cube with animation on all faces. If the avatar looks at the cube (the photo shows how one of the victims does it), then it will be automatically hacked. You can steal a person's virtual property and even get access to an account in a real bank, which is tied to a Second Life account.

Charlie Miller wrote this hack back in 2007. He says that this is the most interesting exploit that he created in his life: after all, people could really contact him, look at him and even touch him.

The video shows how a malicious object causes a passing citizen to pay 12 linden dollars and shout the words “I've been hacked”.

PS I wonder if there are similar “exploits” in our offline world, which, when looking at them, automatically increase blood pressure or hormone levels in the blood? Scientists say such exploits exist . What can you do, nature is also imperfect and leaves some unclosed vulnerabilities.

PPS After publishing this story yesterday on Slashdot, Apple closed the mentioned vulnerability in QuickTime.

Source: https://habr.com/ru/post/102168/

All Articles