EA Origin Hack Allows Takeover of Your PC
ReVuln, a security company that has found security vulnerabilities in CryEngine 3 and Modern Warfare 3, Steam and other programs, has now found an exploit using EA's Origin. Showcased at Black Hat security conference in Amsterdam and detailed in a paper, the method used the specially constructed links.
Origin uses its own links (origin://***) to activate and launch games. It is possible to construct a special link which will silently ask Origin to launch something else on the system without alerting the user. That in turn can be used to install hacking tools on user's PC which will give hackers full control of it. The way attack is constructed allow it to work even if Origin isn't running, but just installed. There is no comment from EA so far, but there are ways to safeguard your computer from such attack. The recommended one is to set your browser to always ask what to do with orgin:// links. That would be slightly annoying, but it won't hurt legitimate functionality (f.e. Battlelog), while allowing you to see if something is wrong (unrelated site asking to launch Origin).