Steam’s Game Developers and Their Compromised Security

 

In recent months, there has been a surge in malware distribution through compromised publisher accounts on Steam, prompting Valve, the company behind the popular gaming platform, to take action.
To safeguard both game publishers and players, Valve has introduced additional security measures, including SMS-based one-time codes (OTP SMS) delivered through SMS verification services.

What is Steamworks and its Role in Security Enhancements?

Steamworks is a comprehensive suite of tools and services that software developers utilize to distribute their games and software on the Steam platform. It encompasses various features such as DRM (digital rights management), multiplayer modes, video streaming, matchmaking, achievements system, in-game voice and chat, microtransactions, statistics, cloud saving, and community-made content sharing through the Steam Workshop.

The recent surge in compromised Steamworks accounts has raised concerns about the security of the platform. Hackers have been able to upload malicious builds of games using these compromised accounts, infecting unsuspecting players with malware. Valve has recognized the severity of this issue and is determined to tackle it head-on.

Valve’s Approach to Tackling Compromised Accounts

Valve has outlined its plan to address the compromised account issue by implementing a new SMS-based security check. Starting from October 24, 2023, game developers will be required to pass this authentication process before pushing updates on the default release branch of their games. It is important to note that this security measure will not apply to beta releases.

In addition to securing the default release branch, Valve is also extending SMS verification to the process of adding new users to the Steamworks partner group. Previously, this process relied on email-based confirmation, but now, group admins will also have to verify the action with an SMS code.

Valve emphasizes that developers without a phone number associated with their account will have no workaround. Thus, it is crucial for game makers to ensure they have a means to receive text messages in order to continue publishing their games on the Steam platform.

The Importance of SMS Verification in Supply Chain Security

SMS verification plays a pivotal role in strengthening supply chain security on Steam. By implementing this additional layer of authentication, Valve aims to prevent unauthorized access to developer accounts and curb the distribution of malware-laced game updates. However, it is important to acknowledge that SMS-based verification is not without its limitations.

One of the developers, Benoît Freslon, who experienced a compromise of his Steam account, pointed out that the new SMS-based security measure would not have prevented the attack he faced. 

The malware that targeted his account managed to steal session tokens, providing the attackers with access to his various accounts, including Discord, Steam, Twitch, Twitter, and more. This highlights the need for more robust security measures beyond SMS verification.

There are several things to keep in mind when implementing SMS verification. You can read about them in our guide, ‘A comprehensive guide to OTP SMS fraud prevention’, on Message Central’s website.

Exploring the Limitations of SMS Verification

While SMS verification is a step in the right direction, it is not a foolproof solution. Cybercriminals have devised various methods to bypass this security measure, such as SIM-swap attacks. In a SIM-swap attack, threat actors port the victim’s phone number to a new SIM card, effectively bypassing any security measures tied to that phone number.

To address these limitations, it would be prudent for Valve to consider implementing more modern and secure alternatives, such as authenticator apps or physical security keys. These methods provide an extra layer of protection against attacks that specifically target SMS-based verification.

Valve’s Commitment to User Safety and Developer Awareness

Valve acknowledges that verifying developers through SMS verification services introduces additional friction. However, the company has deemed this tradeoff necessary to ensure the safety of Steam users and to keep developers informed of any potential compromises to their accounts.

Valve has observed an uptick in sophisticated attacks targeting Steam partner accounts. These attacks underscore the importance of proactive security measures to safeguard the integrity of the platform. As part of its ongoing efforts to bolster security, Valve plans to extend the two-factor security check to other Steam backend actions in the future.

Conclusion

In response to the recent surge in malware distribution through compromised publisher accounts, Valve has introduced SMS-based verification as an additional security measure for game developers on Steam. 

While this step is commendable, it is important to recognize the limitations of SMS verification and the need for more robust security measures in the long run. Valve’s commitment to user safety and developer awareness is evident in their proactive approach to addressing security concerns. By continuously evolving and implementing innovative security solutions, Valve aims to maintain the integrity of the Steam platform and provide a secure gaming experience for all users.

SMS Verification with Verify Now in 3 Simple Steps

  1. After signing up, you can test the platform before using the SMS verification APIs. Add a recipient number as shown below.
  2. You will receive the OTP in less than 5 seconds. Once received, enter the OTP as shown below and you will be able to see the verification status.