Riot Offers $100000 To Anyone Who Can Find Anti-Cheat Exploits
Riot Games has offered hackers up to $100,000 to discover vulnerabilities in Vanguard, the controversial anti-cheat system used by Valorant. The payouts that Riot Games have posted on their HackerOne bounty board reportedly are some of the biggest in gaming. By comparison, Nintendo’s bounties max out at $20,000 while Rockstar Games’ ends at $10,000.
The recent release of competitive PC shooter Valorant in closed beta form was accompanied by the release of Riot’s new anti-cheat solution, dubbed Vanguard. Earlier this month, fans raised concerns about user security and privacy after discovering Vanguard is more invasive that other anti-cheat solutions.
Currently, if you download and play Valorant, then Vanguard is automatically installed on your computer, and it always runs with high privileges (the driver component runs in kernel-mode, as opposed to user-mode).
Without revealing exactly how Vanguard works, Riot explained its decision in a blog post: “If anti-cheat software is only run in user-mode, its capabilities would be compromised by a cheat running at a higher privilege level. For example, some of the more advanced cheating communities have used Direct Memory Access (DMA) to rebroadcast memory to a separate computer for later processing.”
It’s clear that Riot is taking the security concerns regarding their new Anti-Cheat very seriously, below is what they had to say.
“If you’re able to help us protect our players and their data by responsibly identifying new security issues for us to fix, you are awesome and we want to reward you. Qualifying bugs will be rewarded based on severity. Our minimum reward is $250 USD. Rewards are granted entirely at the discretion of Riot. Publicly disclosing your bug without coordinating with us may lead to being ineligible for a bounty. We will judge this on a case by case basis.”
Vanguard exploits that are contained in userland will be considered under our standard scope rather than the special Vanguard bounties scope.
|Network attack with no user interaction||Code execution on the kernel level||$100,000|
|Unauthorized access to sensitive data||$75,000|
|Network attack requiring user interaction (1 click)||Code execution on the kernel level||$75,000|
|Unauthorized access to sensitive data||$50,000|
|Local attack for privilege escalation||Code execution on the kernel level||$35,000|
|Unauthorized access to sensitive data||$25,000|
Cheating is one of the biggest issues in competitive gaming, and Valorant fans are hoping the game doesn’t suffer a significant hacker problem when it eventually hits open beta. The question for Riot is, can it keep its anti-cheat effective without making it so intrusive as to cause a player backlash?
In response, the developer has doubled down by reminding that it has already rigorously tested Vanguard for vulnerabilities. “The bottom line is we would never let Riot ship anything if we weren’t confident it treated player privacy and security with the extreme seriousness they deserve,” its security team wrote in a post explaining the situation.
Valorant is currently in closed beta. Riot Games has yet to confirm an end date for the beta.