James Sebree, researcher at the security company Tenable, he published on Tuesday a survey of him, with a series of relatively simple vulnerabilities in Among Us which he discovered in the last two months, which allow fraudsters to enter the game. Some of them destroy the basic mechanisms of the game, allowing cheaters to kill other players at will, to impersonate other players, to teleport in the game, to walk through walls, to overload the speed of his character, to control the movements of others players, to obtain free in-game items, to prohibit users from participating without having such rights, and to play themselves even if they are blocked.
Sebree said he began investigating him code of the game in late September, with the aim of modifying it to allow more than the default 10 players. But he soon found that the ability to change the game was much greater.
The errors as Sebree says, due to the fact that the servers The game is not designed to validate information sent by the client running on players' computers, a key protection found in popular PC games.
Of course Sebree is not the first to hack Among Us. Players often complain about invasion and deception in the game at least from the beginning of October. Some players were also affected by spam messages concerning him Trump in mid-October.
Η Innersloth, the creator of Among Us told WIRED that addresses these issues. Sebree says he tried to contact Innersloth repeatedly in mid-October to share his findings, but received no response. He notes that some of the hacks that have been identified since then have been fixed, such as changing the color of the character, immediately identifying the scammer or killing other players.
As Innersloth is made up of only three people, it may come as no surprise that it does not have the resources to discover and repair any vulnerability in the game, says Sebree. He claims that the kind of basic bugs he discovered are to be expected in games like Among Us, which are built by a team of developers, using tools such as the Unity engine to reduce barriers to building games.
Sebree acknowledged, however, that the security vulnerabilities he discovered in Among Us did not pose a serious threat to users. They do not allow, for example, access to anything on a target player's computer beyond the limits of the game. Sebree hopes that with some software fixes, game developers will be able to curb fraud and provide a better experience for their players.