In October, Activision announced it had corrected a bug in its anti-cheat system, which had inadvertently banned a "small number of legitimate players." However, according to a hacker named Vizor, who both discovered and exploited the bug, the actual impact was far larger, affecting "thousands upon thousands" of players framed as cheaters. Speaking with TechCrunch, Vizor claimed the exploit allowed them to target random players without detection as long as high-profile players weren’t involved.
TechCrunch connected with Vizor through Zebleer, a developer familiar with the Call of Duty cheating community. Zebleer, who had known about the exploit for months, observed Vizor using it and provided insight into the broader hacking landscape. For years, hackers have targeted online games, seeking vulnerabilities to create and sell cheats that give players unfair advantages. To counter this, gaming companies like Activision have invested in advanced anti-cheat systems. In 2021, Activision introduced Ricochet, a kernel-level system meant to prevent such cheating.
Vizor claimed they discovered a unique method to weaponize Ricochet against its own player base. The exploit relied on Ricochet’s reliance on certain “signatures” — specific text strings used to detect cheats. For instance, Ricochet would flag the string “Trigger Bot,” a term related to a cheat that automatically shoots when a target is in sight. By sending a private in-game message containing one of these keywords, Vizor was able to get unsuspecting players banned.
According to Vizor, Ricochet’s scanning for these strings was overly broad, leading to easy manipulation. Vizor explained that the system’s reliance on simple ASCII string scanning left it vulnerable to false positives, allowing them to trigger bans simply by sending messages. They even automated this process, developing a script to join games, post messages, and exit — repeating this cycle to target players even while they were away.
During this period, Activision periodically updated Ricochet with new keyword signatures, which Vizor exploited each time. This cycle continued until the bug’s details were publicized by Zebleer on X, prompting Activision to fix the exploit.
One former Activision employee, familiar with the company’s anti-cheat team, confirmed that Ricochet’s signature-based detection likely made it vulnerable to the exploit. They criticized Activision’s decision to use unprotected signature scanning, calling it an oversight that left players open to unfair bans.
In addition to random players, Vizor admitted to targeting popular streamers, some of whom shared their frustrations on X. These bans were eventually lifted after Activision addressed the bug. Reflecting on the experience, Vizor said, “I had my fun,” expressing satisfaction with the outcome after the exploit was finally patched.
Post a Comment