Why security is a transversal issue for video games development

How many times in the field of software development have we heard that safety must be considered from the outset to the release – and subsequent maintenance – of the app or program in question? Hundreds, right?

Fortunately, developers have understood this fundamental concept for programming, especially those who write code for operating systems or for critical applications used in business and everyday life.

However, there is a category of software that, while not new, in recent years has grown rapidly, generating more and more revenue, and where security is also a key priority. We are talking about video games, an industry that makes billions of US dollars per year, with hundreds of millions of active players, and still it seems to have no limit.

Since gamescom 2016 is around the corner in Germany and it is one of the three most important video gaming events in the world – ESET will be in attendance – we think this is a good time to talk about security in video game development. While we waited for the event, we interviewed professional gamers from different countries to learn about their security expertise; now, the time has come to consider other aspects related.

We interviewed Andrés Rossi, CEO of Sismogames – an Argentine company that develops video games for social networks such as Facebook and mobile devices, a niche market that was in 2015 worth $1.97 billion in the US alone.

Theft, threats and scams in the gaming world

First, we asked Andrés his opinion and experience regarding the different types of security incidents he has come across during his career in games development. “Over the years, I have seen all sorts of incidents, from payment-card frauds, to cyberattacks targeting gamers and the subsequent claim of prizes, to exploitation of servers just for the sake of playing”, he described.

“What I see most frequently are players who leave their accounts open in machines that do not belong to them.”

However, these are by no means the most frequent incidents he usually faces. “Irresponsible as it may seem, what I see most frequently are players who leave their accounts open in machines that do not belong to them, they just leave without logging off or erasing their private data,” he elaborated.

“On the other hand, there are also many flash drives or file attachments with malware going around from hand to hand. Recently, I have seen a proliferation of these cases as if we had gone back ten years in time.”

The importance of IT security for game development

seguridad en videojuegos

In this profession, thinking about the safety of new games is a must in the daily routine.

“I think there is a lot of ignorance among video game developers regarding security implementation.”

“I think there is a lot of ignorance among video game developers regarding security implementation,” Andrés continued. “Take Sony, which had its online PlayStation platform compromised. There is quite a lot of work to do.

“The problem is that there are so many games that, as is to be expected, the challenge is still only focused on the largest and most famous game companies”.

It is clear to all connoisseurs of this issue that IT security permeates every area of software development. But specifically within video games, “it must be considered from the very moment you start gathering information from your players, such as their email account or Facebook credentials, and even more so when your business model involves the purchase of premium items or virtual currencies”.

As Andrés mentioned, we must never forget that all this in-app purchase structure could be compromised, in which case it would be exposing the players’ sensitive data, such as their credit card numbers. Bearing this in mind, each developer can implement the measures he considers appropriate for the type of game and platform in order to prevent data breaches and information theft.

Security and video games – two industries working towards taking care of people’s data and passions

professionalgamers

We now know that security is a vital part of the video game industry, especially with the proliferation of MOBA (Multiplayer Online Battle Arena) and MMOG (Massively Multiplayer Online Game), video game genres that require an internet connection to work.

However, we still have to find out how, in this context, the IT security industry can get more involved in this market and collaborate closely with video game creators. “It’s an excellent question,” Andrés noted.

“It is essential that we build case studies to show people the risks involved and the measures that can be taken. The first step is to continue educating and raising awareness, disclosing case examples, and speaking clearly about the economic impact on the gaming industry, so that security starts to be taken into consideration in the new projects.”

In this article, we have learned about the most common security incidents in the video game industry, as well as the current status of security in the gaming world, and how both game developers and security companies can work together to further increase the protection levels of the systems used by gamers.

We hope that gamers and companies make their best effort so that those who want to play can do so without worrying, and those who want to commit crimes have to face growing obstacles to achieve their malicious purposes.

Images credits: ©Dave Allen/Flickr

Author , ESET

  • Terry

    Video game security:

    It would go a long way to helping us protect our privacy if the purveyors of games, including game apps for mobile devices, would tell us exactly what data is being collected and how it is to be used. the current practice of saying that “We will access your Contacts, Camera, and email accounts, etc. … ” is virtually useless for those of us who would be using their software. And “We will access your picture folders to gather pictures for our own purposes and for those who may want to purchase them from us for their own use and/or for sale on their websites.” And on and on.

    It would be much more helpful to know that “We will access your contact list and share it with companies that will use it for their own purposes such as marketing to your contacts, possibly referencing you as the initiator of their sales pitch to your contacts.”

    We should be given the opportunity to opt into such data gathering without the risk of being prohibited from using the software if we decline the “offer” to opt in.

    In addition Federal and State legislators should require this type of notice and requirement for permitting opting in without penalty.

    IMO the current privacy notification practices are nothing more than CYA ploys for the software purveyors.

Follow us

Copyright © 2018 ESET, All Rights Reserved.