Jump to content

A warning about FSLabs - Their installer logs your passwords!


DrawyahGames

Recommended Posts

Evening guys,

 

Quite an interesting one this evening, it has been revealed that the FSLabs A320 installer potentially logs and sends your Chrome stored passwords back to their own systems! Nothing has been confirmed as of yet, but we do 100% know from the code that the installer does in fact store your passwords into a text file onto your computer.

 

This reddit post explains this in a little more detail including screenshots of how this is done.

 

Looking deeper into the code, the password logger, named 'test.exe', is triggered by the 'FSLInstallerLib.dll' but by using the eSellerate DRM, we cannot look deeper into the networking side of things which means we cannot confirm what happens to your passwords after they are logged.

 

As soon as we have updated or even an announcement from FSLabs themselves, I'll be sure to let you all know!

 

EDIT: FSLabs have now released an official statement, feel free to give it a read here.

https://forums.flightsimlabs.com/index.php?/announcement/10-a320-x-drm-clarification/

 

EDIT: Looks like some of the wider media has now also picked this article up too! https://www.rockpapershotgun.com/2018/02/19/flight-sim-group-put-malware-in-a-jet-and-called-it-drm/

Check out my YouTube Channel for FSX, X-Plane and other simulator content!

https://www.youtube.com/c/Drawyah/

Link to comment
Share on other sites

A complete PR nightmare. Just another example of the DRM turning everybody but the pirates into common criminal. I don't buy the official response that the text file was just for checking false SN. Of course, after page after page of customers threatening to call their CC companies for refund and refusing to buy another FSLabs product ever again, they issued a new installer minus the test file. This response took too long and FSLabs still couldn't issue a real apology. I think Aerosoft just got a whole slew of new customers for their bus.
Link to comment
Share on other sites

Lost in all the noise is the rather interesting fact that this was "discovered and reported" by a P I R A T E who suddenly found his stolen toy no longer worked. Poor sod! :rolleyes:

Bill Leaming http://smileys.sur-la-toile.com/repository/Combat/0054.gif

Gauge Programming - 3d Modeling Military Visualizations

Flightsim.com Panels & Gauges Forum Moderator

Flightsim Rig: Intel Core i7-2600K - 8GB DDR3 1333 - EVGA GTX770 4GB - Win7 64bit Home Premium

Development Rig1: Intel Core i7-3770k - 16GB DDR3 - Dual Radeon HD7770 SLI 1GB - Win7 64bit Professional

Development Rig2: Intel Core i7-860 - 8GB DDR3 Corsair - GeForce GTS240 1GB - Win7 64bit Home Premium

NOTE: Unless explicitly stated in the post, everything written by my hand is MY opinion. I do NOT speak for any company, real or imagined...

Link to comment
Share on other sites

Lost in all the noise is the rather interesting fact that this was "discovered and reported" by a P I R A T E who suddenly found his stolen toy no longer worked. Poor sod! :rolleyes:

 

Pirate reporting pirate. Where's the honour among thieves?

 

Especially the one attempting to pass themselves off as a legitimate developer...

Link to comment
Share on other sites

Nah. If you buy there is no issue.

The issue in this thread only appears when you are using a pirated version.

See the link posted by davidjones to see the details.

 

And only if you are using P3D. Folks are seriously over-reacting to all this. Yes, it was a stupid idea, yes, it was an anti-piracy feature, yes, they have new installers that are DRM free. Now everybody take a breath.

 

DJ

Link to comment
Share on other sites

Nah. If you buy there is no issue. The issue in this thread only appears when you are using a pirated version.

 

Isn't that akin to saying we don't need judges or juries since you will never get arrested if you don't do anything wrong? What FSLabs did is against the law of numerous jurisdictions. There is no "but I think they're pirates!" exception in the law.

 

Cheers!

 

Luke

Link to comment
Share on other sites

Here are some thoughts of mine after having spent considerable time contemplating this situation:

 

Armchair lawyering and finger-wagging is useless. Any investigation and possible litigation is best left to the appropriate authorities. We should all acknowledge that rampant speculation and hysteria can permanently damage a person's reputation and livelihood unfairly. Everyone deserves an opportunity to defend themselves against any accusers in a proper venue. Crucifixion in absentia is counter-productive in these situations.

 

For Lefteris and FSLabs to attempt to mount any form of defense against all of the accusations and innuendo leveled against them in every single forum, reddit, facebook, et cetera venues would be as useless as a rural fire department attempting to control and contain all of the forest and house fires on the west coast by themselves.

 

For this reason alone I feel that AVSIM and the BoD have made the correct decision to disallow such discussion there. I truly wish other websites and venues would have done the same. Let the appropriate authorities investigate and litigate, if such is needed.

Bill Leaming http://smileys.sur-la-toile.com/repository/Combat/0054.gif

Gauge Programming - 3d Modeling Military Visualizations

Flightsim.com Panels & Gauges Forum Moderator

Flightsim Rig: Intel Core i7-2600K - 8GB DDR3 1333 - EVGA GTX770 4GB - Win7 64bit Home Premium

Development Rig1: Intel Core i7-3770k - 16GB DDR3 - Dual Radeon HD7770 SLI 1GB - Win7 64bit Professional

Development Rig2: Intel Core i7-860 - 8GB DDR3 Corsair - GeForce GTS240 1GB - Win7 64bit Home Premium

NOTE: Unless explicitly stated in the post, everything written by my hand is MY opinion. I do NOT speak for any company, real or imagined...

Link to comment
Share on other sites

I can't get my head around how some people react so much to software piracy but seem unconcerned that FSL have actually committed an even greater crime (legally). It doesn't matter that the malware only kicks in if you've got pirated software. Just the fact that they installed malware on your system, no matter how briefly, is against the law in many countries. As someone said on another forum, it's also against the law to collect someone's private data (even from criminals) without either their consent or a court order. Apparently they even went as far as telling someone on a forum whose antivirus caught the malware to turn it off during installation as it was a false positive!

 

"Folks are seriously over-reacting to all this" - really? You clearly don't understand the legal consequences of what FSL did.

 

You going to sue them? Do you even know what country they are in? Can you show damages? If not, give it a rest.

 

DJ

Link to comment
Share on other sites

Well if were FS Labs I'd be reinforcing my files, servers and internet connections because where you get pirates you get hackers, and it's almost certain they'll be coming for them...

 

The counterpoint to all this publicity is it raises their profile enough to make them targets - as individuals and as a group.:rolleyes:

 

Customers should back up their installer files before they get corrupted, or their site brought down by a DNS attack.

 

Personally, I wouldn't touch `em with a barge pole. Any organisation or individual that thinks the rules don't apply to them is inherently untrustworthy.

 

Vacuous apologies and minor tweaks to installers don't diminish the untrustworthiness.

Link to comment
Share on other sites

Eesh, the amount of people on their forums who really have trouble understanding the issue with what they did is absolutely frightening (and even more annoying, those on their forums who seem to think it being FSLabs' software means anything goes/they can do anything - ignoring that there are laws and social norms regarding data collection, etc) - from the shady way they added this software, to how it operates, to the fact that it will decrypt Chrome credentials for ANYONE who uses the computer in question, and sends it over HTTP, UNENCRYPTED (as opposed to HTTPS), which provides a HUGE potential for fraud, identity theft.
Link to comment
Share on other sites

Lost in all the noise and rampant hysteria is one singular fact:

 

One and only one specific serial number activated this program. For everyone else, the .exe file was deleted completely, safely and silently.

 

Don't believe me? Scan your system with any and all AV software as you wish. You will not find a trace of this anywhere...

 

Before bringing out the pitchforks and lighting those torches, please understand that I too think what FS Labs did was incredibly stupid. In no way do I condone their actions!

Bill Leaming http://smileys.sur-la-toile.com/repository/Combat/0054.gif

Gauge Programming - 3d Modeling Military Visualizations

Flightsim.com Panels & Gauges Forum Moderator

Flightsim Rig: Intel Core i7-2600K - 8GB DDR3 1333 - EVGA GTX770 4GB - Win7 64bit Home Premium

Development Rig1: Intel Core i7-3770k - 16GB DDR3 - Dual Radeon HD7770 SLI 1GB - Win7 64bit Professional

Development Rig2: Intel Core i7-860 - 8GB DDR3 Corsair - GeForce GTS240 1GB - Win7 64bit Home Premium

NOTE: Unless explicitly stated in the post, everything written by my hand is MY opinion. I do NOT speak for any company, real or imagined...

Link to comment
Share on other sites

One and only one specific serial number activated this program. For everyone else, the .exe file was deleted completely, safely and silently.

 

Can you or anyone else guarantee with 100% certainty that this will always be the case? Or that someone else couldn't find a way to take advantage of the situation, especially now that it is widely known? According to one review of the files and server the data was being sent too, the data wasn't encrypted and the server had the Windows RDP ports exposed to the internet. Not exactly reassuring. See the CCleaner infection from last summer for one example where malicious hackers broke into a legitimate company's servers through security holes and infected the downloads.

 

https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/

 

The backlash from the flight sim community and elsewhere, I think, is rightly justified to make it clear to all developers that installing malware is without question unacceptable.

 

This is also a good time to highlight that one should not use the save password functionality in web browsers. Standalone password managers such as 1Password, Dashlane and Keepass are far better solutions.

Link to comment
Share on other sites

Can you or anyone else guarantee with 100% certainty that this will always be the case? Or that someone else couldn't find a way to take advantage of the situation, especially now that it is widely known? According to one review of the files and server the data was being sent too, the data wasn't encrypted and the server had the Windows RDP ports exposed to the internet. Not exactly reassuring. See the CCleaner infection from last summer for one example where malicious hackers broke into a legitimate company's servers through security holes and infected the downloads.

 

https://www.fidusinfosec.com/fslabs-flight-simulation-labs-dropping-malware-to-combat-piracy/

 

The backlash from the flight sim community and elsewhere, I think, is rightly justified to make it clear to all developers that installing malware is without question unacceptable.

 

This is also a good time to highlight that one should not use the save password functionality in web browsers. Standalone password managers such as 1Password, Dashlane and Keepass are far better solutions.

 

Better still, UNPLUG: The sims only require a live connection at the whim of an aftermarket supplier, And FS Lapdogs prove they are inherently untrustworthy. Much like ORBX a few years ago. Everyone else should be subject to independent scrutiny.

After all, they're using the world wide web to disseminate the products...

 

It's time to separate the piracy of personal greed from the complicity of corporate gain. And if that means assessing the large proportion of innocent developers as potential criminals? Well THEY can blame the likes of FSlabs and ORBX for starting it...

Link to comment
Share on other sites

Lesh, you are the one who is being economical with the truth.

Malware?? Installed??

 

Just read the statement FSLabs gave. the link was also posted in pst 7, I will post it again below so you can read it at your leasure.

 

1) First of all - there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.

 

2) There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.

 

3) If such a specific serial number is used by a pirate (a person who has illegally obtained our software) and the installer verifies this against the pirate serial numbers stored in our server database, it takes specific measures to alert us. "Test.exe" is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally. That program is only extracted temporarily and is never under any circumstances used in legitimate copies of the product. The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).

 

Source:

https://forums.flightsimlabs.com/index.php?/announcement/10-a320-x-drm-clarification/

 

See, only temporarily, so not "installed".

And, not in legally purchased copies.

 

Maybe Lesh you should complain to the companies such as ThePirateBay, RuTracker and other such malicious sites.

[sIGPIC][/sIGPIC]
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...