Ready Raider One: Exploring the Misuse of Cloud Gaming Services

Authors

Guannan Liu
Daiping Liu
Shuai Hao, Old Dominion UniversityFollow
Xing Gao
Kun Sun
Haining Wang

Document Type

Conference Paper

Publication Date

2022

DOI

10.1145/3548606.3560647

Publication Title

CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

Pages

1993-2007

Conference Name

CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security, November 7-11, 2022, Los Angeles, CA

Abstract

Cloud gaming has become an emerging computing paradigm in recent years, allowing computer games to offload complex graphics and logic computation to the cloud. To deliver a smooth and high-quality gaming experience, cloud gaming services have invested abundant computing resources in the cloud, including adequate CPUs, top-tier GPUs, and high-bandwidth Internet connections. Unfortunately, the abundant computing resources offered by cloud gaming are vulnerable to misuse and exploitation for malicious purposes. In this paper, we present an in-depth study on security vulnerabilities in cloud gaming services. Specifically, we reveal that adversaries can purposely inject malicious programs/URLs into the cloud gaming services via game mods. Using the provided features such as in-game subroutines, game launch options, and built-in browsers, adversaries are able to execute the injected malicious programs/URLs in cloud gaming services. To demonstrate that such vulnerabilities pose a serious threat, we conduct four proof-of-concept attacks on cloud gaming services. Two of them are to abuse the CPUs and GPUs in cloud gaming services to mine cryptocurrencies with attractive profits and train machine learning models at a trivial cost. The other two are to exploit the high-bandwidth connections provided by cloud gaming for malicious Command & Control and censorship circumvention. Finally, we present several countermeasures for cloud gaming services to protect their valuable assets from malicious exploitation.

Rights

© 2022 of the Owner/Authors.

This work is licensed under a Creative Commons Attribution International 4.0 (CC BY 4.0) License.

Original Publication Citation

Liu, G., Liu, D., Hao, S., Gao, X., Sun, K., & Wang, H. (2022). Ready raider one: Exploring the misuse of cloud gaming services. In CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 1993-2007). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560647

Repository Citation

Liu, G., Liu, D., Hao, S., Gao, X., Sun, K., & Wang, H. (2022). Ready raider one: Exploring the misuse of cloud gaming services. In CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 1993-2007). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560647

ORCID

0000-0001-7483-5252 (Hao)