How many times in the field of software
development have we heard that safety must be considered from the outset to the
release – and subsequent maintenance –
of the app or program in question? Hundreds, right?
Fortunately, developers have understood this
fundamental concept for programming, especially those who write code for
operating systems or for critical applications used in business and everyday
life.
However, there is a category of software
that, while not new, in recent years has grown rapidly, generating more and
more revenue, and where security is also a key priority. We are talking about
video games; an industry that makes billions of US dollars per year, with
hundreds of millions of active players, and still it seems to have no limit.
Since gamescom 2016 is around the corner in
Germany and it is one of the three most important video gaming events in the
world, ESET will be there and we think this is a good time to talk about
security in video game development. While we waited for the event, we interviewed
professional gamers from different countries to
learn about their security expertise; now, the time has come to consider other
aspects related.
We interviewed Andrés Rossi, CEO of Sismogames
- an Argentine company that develops video games for social networks such as
Facebook and mobile devices, a niche market that was in 2015 worth $1.97
billion in the US alone.
Theft,
threats and scams in the gaming world
First, we asked Andrés his opinion and experience regarding the different types
of security incidents he has come across during his career in game development.
"Over the years, I have seen all sorts of incidents, from payment-card
frauds, to cyberattacks targeting gamers and the subsequent claim of prizes, to
exploitation of servers just for the sake of playing", he described.
[blockquote_right]“What
I see most frequently are players who leave their accounts open in machines
that do not belong to them.”[/blockquote_right]
However,
these are by no means the most frequent incidents he usually faces.
"Irresponsible as it may seem, what I see most frequently are players who
leave their accounts open in machines that do not belong to them, they just
leave without logging off or erasing their private data,” he elaborated.
“On
the other hand, there are also many flash drives or file attachments with
malware going around from hand to hand. Recently, I have seen a proliferation
of these cases as if we had gone back ten years in time.”
The
importance of IT security for game development
[blockquote_right]“I
think there is a lot of ignorance among video game developers regarding
security implementation.”[/blockquote_right]
"I think there is a lot of ignorance
among video game developers regarding security implementation,” Andrés continued.
“Take Sony, which had its online PlayStation platform compromised. There is
quite a lot of work to do.
“The problem is that there are so many games
that, as is to be expected, the challenge is still only focused on the largest
and most famous game companies".
It is clear to all connoisseurs of this issue
that IT security permeates every area of software development. But specifically
within video games, "it must be considered from the very moment you start
gathering information from your players, such as their email account or
Facebook credentials, and even more so when your business model involves the
purchase of premium items or virtual currencies".
As Andrés mentioned, we must never forget
that all this in-app purchase structure could be compromised, in which case it
would be exposing the players' sensitive data, such as their credit card
numbers. Bearing this in mind, each developer can implement the measures he considers
appropriate for the type of game and platform in order to prevent data breaches
and information theft.
Security
and video games – two industries working towards taking care of people's data
and passions
We now know that security is a vital part of
the video game industry, especially with the proliferation of MOBA (Multiplayer
Online Battle Arena) and MMOG (Massively Multiplayer Online Game), video game
genres that require an internet connection to work.
However, we still have to find out how, in
this context, the IT security industry can get more involved in this market and
collaborate closely with video game creators. "It's an excellent
question,” Andrés noted.
“It is essential that we build case studies
to show people the risks involved and the measures that can be taken. The first
step is to continue educating and raising awareness, disclosing case examples,
and speaking clearly about the economic impact on the gaming industry, so that
security starts to be taken into consideration in the new projects.”
In this article, we have learned about the
most common security incidents in the video game industry, as well as the
current status of security in the gaming world, and how both game developers
and security companies can work together to further increase the protection
levels of the systems used by gamers.
We hope that gamers and companies make their
best effort so that those who want to play can do so without
worrying, and those who want to commit crimes
have to face growing obstacles to achieve their malicious purposes.
Santiago
Sassone
Senior Corporate Communications Specialist
