How many times in the field of software development have we heard that safety must be considered from the outset to the release – and subsequent maintenance – of the app or program in question? Hundreds, right?
Fortunately, developers have understood this fundamental concept for programming, especially those who write code for operating systems or for critical applications used in business and everyday life.
However, there is a category of software that, while not new, in recent years has grown rapidly, generating more and more revenue, and where security is also a key priority. We are talking about video games, an industry that makes billions of US dollars per year, with hundreds of millions of active players, and still it seems to have no limit.
Since gamescom 2016 is around the corner in Germany and it is one of the three most important video gaming events in the world – ESET will be in attendance – we think this is a good time to talk about security in video game development. While we waited for the event, we interviewed professional gamers from different countries to learn about their security expertise; now, the time has come to consider other aspects related.
We interviewed Andrés Rossi, CEO of Sismogames - an Argentine company that develops video games for social networks such as Facebook and mobile devices, a niche market that was in 2015 worth $1.97 billion in the US alone.
Theft, threats and scams in the gaming world
First, we asked Andrés his opinion and experience regarding the different types of security incidents he has come across during his career in games development. "Over the years, I have seen all sorts of incidents, from payment-card frauds, to cyberattacks targeting gamers and the subsequent claim of prizes, to exploitation of servers just for the sake of playing", he described.
“What I see most frequently are players who leave their accounts open in machines that do not belong to them.”
However, these are by no means the most frequent incidents he usually faces. "Irresponsible as it may seem, what I see most frequently are players who leave their accounts open in machines that do not belong to them, they just leave without logging off or erasing their private data,” he elaborated.
“On the other hand, there are also many flash drives or file attachments with malware going around from hand to hand. Recently, I have seen a proliferation of these cases as if we had gone back ten years in time.”
The importance of IT security for game development
In this profession, thinking about the safety of new games is a must in the daily routine.
“I think there is a lot of ignorance among video game developers regarding security implementation.”
"I think there is a lot of ignorance among video game developers regarding security implementation,” Andrés continued. “Take Sony, which had its online PlayStation platform compromised. There is quite a lot of work to do.
“The problem is that there are so many games that, as is to be expected, the challenge is still only focused on the largest and most famous game companies".
It is clear to all connoisseurs of this issue that IT security permeates every area of software development. But specifically within video games, "it must be considered from the very moment you start gathering information from your players, such as their email account or Facebook credentials, and even more so when your business model involves the purchase of premium items or virtual currencies".
As Andrés mentioned, we must never forget that all this in-app purchase structure could be compromised, in which case it would be exposing the players' sensitive data, such as their credit card numbers. Bearing this in mind, each developer can implement the measures he considers appropriate for the type of game and platform in order to prevent data breaches and information theft.
Security and video games – two industries working towards taking care of people's data and passions
We now know that security is a vital part of the video game industry, especially with the proliferation of MOBA (Multiplayer Online Battle Arena) and MMOG (Massively Multiplayer Online Game), video game genres that require an internet connection to work.
However, we still have to find out how, in this context, the IT security industry can get more involved in this market and collaborate closely with video game creators. "It's an excellent question,” Andrés noted.
“It is essential that we build case studies to show people the risks involved and the measures that can be taken. The first step is to continue educating and raising awareness, disclosing case examples, and speaking clearly about the economic impact on the gaming industry, so that security starts to be taken into consideration in the new projects.”
In this article, we have learned about the most common security incidents in the video game industry, as well as the current status of security in the gaming world, and how both game developers and security companies can work together to further increase the protection levels of the systems used by gamers.
We hope that gamers and companies make their best effort so that those who want to play can do so without worrying, and those who want to commit crimes have to face growing obstacles to achieve their malicious purposes.