Valve has announced the implementation of a new security measure for developers to prevent the spread of malware on Steam. The latter must go through double authentication by SMS to publish their games as well as updates. However, some voices are being raised to denounce an ineffective solution.
You know the drill: the more popular a platform is, the more likely it is to attract hackers and, in fact, host malware in spite of itself. Steam is no exception to the rule and, regularly, malware roams freely in games and other mods downloaded by players. But, lately, a much more worrying phenomenon is taking place. Pirates indeed manage to take control of developers’ accounts to inject malware directly into their gamesinitially perfectly harmless.
Since August, the number of reports has exploded on Steamworks, the Steam platform that allows developers to publish their games and manage their various features, such as multiplayer and microtransactions. It is through this that hackers distribute their malware, via seemingly secure updates. Currently, only a few hundred players have been infected, Valve assures. But to prevent the situation from degenerating, new security measures are necessary.
On the same subject — Steam cannot block the activation of a game depending on the country of purchase, Europe confirms
Steam requires two-factor authentication for developers for greater security
From October 24, developers will have to pass double authentication by SMS to connect to their Steamwork account and therefore publish or update their video. Note that betas are not affected. No alternative will be offered, so a telephone will be required to complete the process.
Although this new rule may be reassuring at first glance, some developers nevertheless denounce a false solution to the problem. One of them, Benoît Freslon, victim of one of these hacks, explains in particular that double authentication in no way prevents the hacker who has taken possession of his account from continuing to distribute his malware.
As noted by our colleagues at Bleeping Computer, Valve could instead opt for an authentication application, or even security keys to increase the security of its platform.
Source: Valve