Riot has provided hackers as much as $ 100,000 to search out vulnerabilities in Valorant’s controversial anti-cheat.
The latest launch of aggressive PC shooter Valorant in closed beta type was accompanied by the discharge of Riot’s new anti-cheat answer, dubbed Vanguard.
Earlier this month, followers raised issues about person safety and privateness after discovering Vanguard is extra invasive that different anti-cheat options.
At the moment, should you obtain and play Valorant, then Vanguard is routinely put in in your pc, and it at all times runs with excessive privileges (the driving force element runs in kernel-mode, versus user-mode).
With out revealing precisely how Vanguard works, Riot defined its choice in a weblog publish: “If anti-cheat software program is just run in user-mode, its capabilities can be compromised by a cheat working at the next privilege degree. For instance, a number of the extra superior dishonest communities have used Direct Reminiscence Entry (DMA) to rebroadcast reminiscence to a separate pc for later processing.”
Riot then insisted Vanguard doesn’t accumulate or course of any private data past what the present League of Legends anti-cheat answer does, and revealed the Vanguard driver (kernel-mode) is utilized by the consumer to validate reminiscence and system state, and to verify the consumer has not been tampered with.
“Riot doesn’t wish to know extra about you or your machine than what is critical to take care of excessive integrity in your recreation,” Riot mentioned.
Nonetheless, Riot has additionally taken the additional step of providing an enormous bounty pot for Vanguard exploit studies. It listed a handful of Valorant-specific bounties on HackerOne, a web site the place corporations can supply rewards to hackers who expose safety points of their software program. The utmost reward is $ 100,000, which pertains to code execution on the kernel degree that entails a community assault with no person interplay.
“To strengthen our dedication to our gamers’ safety, we’re providing particular bounties for as much as $ 100,000 for top of the range studies that display sensible exploits leveraging the Vanguard kernel driver,” Riot mentioned.
“In the event you’re capable of assist us shield our gamers and their knowledge by responsibly figuring out new safety points for us to repair, you’re superior and we wish to reward you.”
Riot’s use of HackerOne isn’t new – it has run a bug bounty program on the web site for the previous six years, rewarding hackers nearly $ 2m in bounties.
Nonetheless, this particular scope for Vanguard and the upper bounties that include it’s certainly new, and clearly an try and persuade sceptical PC players of Riot’s dedication to defending person knowledge, whereas retaining its anti-cheat aggressive.
Properly it sucks, however right this moment we needed to ban our first cheater (and it appears like extra bans are on the horizon).
I hoped for just a little extra time earlier than this struggle kicked off however we’re in it now and we’re prepared.