Last month, Activision posted that they’d “identified and disabled a workaround” within their automated anti-cheat tool, Ricochet. The language of the post is purposefully vague about what actually happened, but the studio asserts that only a “small number” of legitimate Call of Duty: Warzone and Modern Warfare III players were affected, and that those accounts have since been reinstated.
However, it wasn’t long before hackers shared their side of the story—to say nothing of all the angry responses under Activision’s post from players still locked out of their accounts. A hacker known as Zeebler was the first to publicly share details of the exploit, explaining how it allowed them to remotely permaban players by typing as few as two words into the lobby chat. TechCrunch has since caught up with the hacker who originally found the exploit.
Going by the handle Vizor, the hacker in conversation alleges the extent of the issue was much farther reaching than Activision is willing to admit, saying they were able to remotely ban “thousands upon thousands” of players. Perhaps most damningly, the hacker also tells TechCrunch, “I could have done this for years and as long as I target random players and no one famous it would have gone without notice.”
Aimbots have been the bane of many a shooter fan’s existence—and indeed even threw Apex Legends’ anti-cheat software for a loop—so you can understand why Ricochet would have cheats like this in its sights. What is a lot less straightforward to understand is how simply typing the words ‘aim bot’ and sending them to another player could get them banned.
Vizor explained that Ricochet uses a list of hardcoded strings of text to detect cheaters and that they then exploited this to ban innocent players by simply sending one of these strings via an in-game whisper. To test the exploit the day they found it, they sent an in-game message containing one of these strings to themselves and promptly got banned.
Vizor elaborates, “I realized that Ricochet anti-cheat was likely scanning players’ devices for strings to determine who was a cheater or not. This is fairly normal to do but scanning this much memory space with just an ASCII string and banning off of that is extremely prone to false positives.”
To put it in simplified terms, Ricochet was picking through player’s setups, looking for anything from a list of keywords—or signatures—and then banning when it found them, regardless of the context in which those keywords appeared. That’s not the wildest part.
What’s wilder is that Vizor wrote a script that then automated the exploit process, allowing them to “join a game, post a message, leave the game, join a new game, repeat repeat repeat,” and keep dishing out permabans even while they were away on holiday. As Activision continued to update the anti-cheat software with new string signatures to look out for, Vizor kept up to date too, and continued, in their own words, “trolling” both the developer and Call of Duty players alike. This continued right up until fellow hacker Zeebler made the exploit much more widely known.
So now that Activision has finally worked out this workaround, how does Vizor feel with their “trolling” days at an end? Their takeaway may surprise you: “It was nice to see it get fixed and see unbans,” they admit before adding, “I had my fun.”