Riot Offers $100000 To Anyone Who Can Find Anti-Cheat Exploits

Riot new anti-cheat system “Vanguard” has recently sparked controversy as an always-on driver with potential backdoor risks. Now Riot offers $100,000 to anyone who can find and report exploits and bugs within the system.

98
Reading Time: 2 minutes

Riot Offers $100000 To Anyone Who Can Find Anti-Cheat Exploits

Riot Offers $100000 To Anyone Who Can Find Anti-Cheat Exploits

Riot Games has offered hackers up to $100,000 to discover vulnerabilities in Vanguard, the controversial anti-cheat system used by Valorant. The payouts that Riot Games have posted on their HackerOne bounty board reportedly are some of the biggest in gaming. By comparison, Nintendo’s bounties max out at $20,000 while Rockstar Games’ ends at $10,000.

The recent release of competitive PC shooter Valorant in closed beta form was accompanied by the release of Riot’s new anti-cheat solution, dubbed Vanguard. Earlier this month, fans raised concerns about user security and privacy after discovering Vanguard is more invasive that other anti-cheat solutions.

Currently, if you download and play Valorant, then Vanguard is automatically installed on your computer, and it always runs with high privileges (the driver component runs in kernel-mode, as opposed to user-mode).

Without revealing exactly how Vanguard works, Riot explained its decision in a blog post: “If anti-cheat software is only run in user-mode, its capabilities would be compromised by a cheat running at a higher privilege level. For example, some of the more advanced cheating communities have used Direct Memory Access (DMA) to rebroadcast memory to a separate computer for later processing.”

It’s clear that Riot is taking the security concerns regarding their new Anti-Cheat very seriously, below is what they had to say.

“If you’re able to help us protect our players and their data by responsibly identifying new security issues for us to fix, you are awesome and we want to reward you. Qualifying bugs will be rewarded based on severity. Our minimum reward is $250 USD. Rewards are granted entirely at the discretion of Riot. Publicly disclosing your bug without coordinating with us may lead to being ineligible for a bounty. We will judge this on a case by case basis.”

Vanguard exploits that are contained in userland will be considered under our standard scope rather than the special Vanguard bounties scope.

Vanguard Bounties:

Category Subcategory Maximum Bounty
Network attack with no user interaction Code execution on the kernel level $100,000
  Unauthorized access to sensitive data $75,000
Network attack requiring user interaction (1 click) Code execution on the kernel level $75,000
  Unauthorized access to sensitive data $50,000
Local attack for privilege escalation Code execution on the kernel level $35,000
  Unauthorized access to sensitive data $25,000

 

Cheating is one of the biggest issues in competitive gaming, and Valorant fans are hoping the game doesn’t suffer a significant hacker problem when it eventually hits open beta. The question for Riot is, can it keep its anti-cheat effective without making it so intrusive as to cause a player backlash?

In response, the developer has doubled down by reminding that it has already rigorously tested Vanguard for vulnerabilities. “The bottom line is we would never let Riot ship anything if we weren’t confident it treated player privacy and security with the extreme seriousness they deserve,” its security team wrote in a post explaining the situation.

Valorant is currently in closed beta. Riot Games has yet to confirm an end date for the beta.

Rate This And Share:

0 / 5