"Hacker claims to have blocked 'thousands' of Call of Duty players by exploiting a vulnerability in the anti-cheat system."

In October, the video game giant Activision announced that it had resolved an issue in its anti-cheat system that affected a "small number of legitimate accounts," which were being blocked due to this error. However, a hacker who discovered and exploited this vulnerability claimed that they actually managed to ban "thousands and thousands" of Call of Duty players who were falsely accused of cheating. This hacker, known as Vizor, shared their version of the story with TechCrunch.

"I could have done this for years, and while I was choosing random players and not anyone famous, I would have gone unnoticed," Vizor commented, finding the situation "amusing." Vizor's introduction to TechCrunch was thanks to Zebleer, a cheat developer familiar with the Call of Duty hacking scene. According to Zebleer, he had been in contact with Vizor for several months and was therefore aware of the exploit Vizor was using.

Over the years, hackers have been constantly searching for imperfections in online video games to find ways to install and utilize cheats that provide unfair advantages to players. Some cheat developers, like Zebleer, offer their programs as a service and, in some cases, make millions of dollars. In response to this issue, video game companies have started hiring cybersecurity specialists to create and refine their anti-cheat systems with the aim of detecting and banning offenders. Activision, for its part, launched its Ricochet system in 2021, which operates at the kernel level to further complicate things for cheat developers.

Vizor noted that he found a particular way to exploit Ricochet, using it against the players it was designed to protect. The hacker realized that Ricochet used a list of encoded string signatures to detect cheaters. For example, one of these strings was "Trigger Bot," which refers to a cheat that causes a cheater's weapon to fire automatically when aiming at a target. Vizor discovered that he could send a private message, known as a "whisper" in the game, that included one of these encoded strings, such as "Trigger Bot," resulting in the banishment of the player to whom he had sent the message.

"I realized that the Ricochet system was probably scanning players' devices for strings to determine who was a cheater or not. This is pretty normal to do, but scanning such a large memory space with just an ASCII string and basing bans on that is extremely error-prone," Vizor explained, referring to the fact that the game examined prohibited keywords without considering the context. "The same day I discovered this, I got banned by sending myself a whisper message with one of the strings."

At one point, Vizor developed a script that automated the process: "join a game, send a message, leave the game, join a new game, repeat," allowing him to ban random players while on vacation. Over the months, he noticed that Activision was adding new signatures to its anti-cheat system, which he quickly identified in order to keep banning players. "I was more active in the pranks when the Ricochet team added new signatures. So if I checked the memory region and saw a new string, I would go wild with it so they would think they were detecting real cheaters," Vizor shared.

Activision did not respond to a request for comment on the matter. A person who had previously worked at Activision and still had knowledge of the company’s security and anti-cheat team activities commented that Ricochet was scanning certain signatures and that this could have been exploited against the system. "If you know what signature the anti-cheat is looking for, you find a mechanism to introduce those bytes into the game process and end up banned," explained the source, who preferred to remain anonymous. "I can’t believe [Activision] is banning people based on a memory scan of 'trigger bot.' That’s incredibly stupid, and they should have protected the signatures. That’s amateur work."

In addition to random players, Vizor also targeted some recognized players. During the time he used the exploit, several video game streamers reported on X that they had been banned and later reinstated once Activision fixed the error. The company was alerted to the existence of the bug when Zebleer posted details of the exploit on the same platform. "It was nice to see it get fixed and for some to be unbanned," Vizor concluded. "I had a lot of fun."