As cybersecurity experts working in the games industry, perhaps the most common question we hear all the time is 'What type of game is most likely to be hacked?' Generally speaking, all games are hackable in theory and there isn't really a hierarchy for one type or genre being more or less hackable than any other. Mobile games, for instance, aren't any more or less likely to be a target than an Xbox One game. It isn't a matter of any one platform, genre, or developer being an easier target than another. But if we were to pinpoint one general arena that tends to be more focused on by hacking communities, we undoubtedly would have to turn our gaze to online games.
Before we get into it, let us preface this by saying offline games aren't guaranteed to be safe 100% of the time either, that's not what we're saying by any means. But by and large, when you look at trends for games being hacked across all genres and platforms, online games tend to be the ones targeted the most and the ones with most successful hacks executed on them. There are many reasons why this is the case, let's explore some together.
Why are online games a more common target for hackers?
Let's start with an easy one. Online games generally make easier targets because they are online. They are fully accessible and available in a digital space. This means, for example, if a black hat hacker wanted to exploit a live game in real-time, they're going to have an easier time finding vulnerabilities in one that is connected to the Internet than one that is happening offline and within a player's private, disconnected space.
A factor that is completely dependent on this is that by virtue of being online, these games are far more likely to have a hugely competitive element. Take the battle royale genre for example. 100 players competing on a relatively even terrain where the only key differentiator between them is the skill each one brings to the table as an individual gamer. Naturally, playground rules kick in and someone is going to look for a way to cheat.
If that person looking to get the competitive edge happens to be a hacker, it doesn't take a wild leap in logic to guess how they're going to try to get one up on the other players. They will search for item duplication vulnerabilities, ways to exploit in-game currency or XP to advance in levels or buy new items and skins, or even attempt to limit the abilities of other players by granting themselves permissions to boot other players from games, clans or administrator roles. And that's before we even get to modding the game itself.
Even outside of the individual competitive element, there is a whole other aspect to this too. Sometimes hackers target games for fun or to boost their reputation. Some do it for profit, selling hacks online to other players. If there is a demand for something, there will be those who will try to meet that demand. With online games being bigger now than at any time in history, there is unbelievable demand.
How do hackers target my game and what can they do?
Unfortunately, there is no one way to hack a game, no 'hack here' sign where black hats slip in a push a switch. Potentially, there can be as many ways to hack a game as there are functions within that game. The only thing a hacker may need in exploiting a game is the knowledge of where to look.
There are many reasons a game can be targeted. Trolling, politics, a history of poor security systems, for fun. But if we continue with the example from above, gaining a competitive advantage over other players is often a huge reason a game can be targeted. The more players in a game's community, the more competitive it is, and by law of large numbers, there is a good chance a hacker is amongst that player base.
Hacks too can have so many different outcomes. From item or in-game currency duplication to full-scale player data breaches or IP and asset theft. If a part of a game's code is unprotected, it is vulnerable to exploitation.
Even the smallest of these hacks can cause huge harm to a game's reputation. If a game is seen as unfair or unwinnable because of unethical advantages used by other players, regular players are going to jump ship fast. Adding to this the potential for lost revenue through in-game purchases or potential legal action spawning from private data leaks and you've got a cocktail for business continuity disaster.
How do I prevent my online game from being hacked?
The most effective way to ensure a game is protected, simply put, is to build proper game security measures in right from the start. Don't assume application security is just an added extra. Just as not all cybersecurity specialists are experts in game design, not all game designers are cybersecurity specialists. A native cybersecurity specialist working in tandem with the development team will be able to pinpoint where potential injection points lie and help build code to close them off.
Maybe you're thinking 'Okay, but I've already released my game. Does that mean it's too late?' No, not at all. Penetration testing for video games can always be carried out after publishing, it's just better to do it before players have a chance to discover vulnerabilities. Teaming up with the right ethical hacking specialist or consultant can empower teams with games already online and available to make the necessary patches and upgrades they need to shut down potential hacking scenarios. It's never too late to protect your game, but it's always best to be proactive to ensure your game and your reputation stay intact.