If an application from a Chinese company installed a kernel driver onto your system with complete access to your computer, but they pinky-promised not to abuse this access and power, would you install the application? Well, if you’re interested in Riot Games’ new hit game Valorant, that’s exactly the question you’re going to have to answer.
Riot Games, the company behind one of the most popular games in the world, League of Legends, recently starting publicly beta testing their new game, Valorant. Two months ago, the company penned a rather condescending blog post detailing their future anti-cheat technology, which would include a Windows kernel driver (running in ring 0, in x86 parlance). Valorant is their first game using this kernel driver, and as it turns out, this kernel driver starts at boot, and due to its very nature has full system access, even when you’re not running Valorant.
According to Riot Games, we just have to trust them on their blue eyes that their kernel driver is fully secure and won’t be exploited by malicious third parties, and that the company won’t use it to spy on people or otherwise violate their privacy. Riot states on Reddit that “multiple external security research teams” have reviewed the driver, but as far as I can tell, these reviews have not been published for public vetting.
What we’re dealing with here is a rootkit, a method more and more anti-cheat systems are employing in the fight against cheating. The argument is that game developers need full, complete, and total access to your system in order to prevent you from cheating, and a kernel driver is how they do it.
There’s a long history of these sorts of things going horribly, horribly wrong. We all still remember the Sony rootkit debacle, where Sony CDs installed rootkits on users’ computers that ended up being exploited left, right, and centre by malicious parties. In 2016, Capcom installed a similar rootkit meant for anti-cheat with Street Fight V, which was an absolute security train wreck. And closer to home for Riot, the game client for their very own League of Legends installed crypto miners on users’ computers in the Philippines.
Despite the inherent dangers in installing closed-source security-by-obscurity rootkits, Riot is dead-set on continuing to use them, and it’s only a matter of time before their rootkit will be forced upon League of Legends players as well – which in my case means I won’t be able to play League of Legends anymore even if I wanted their rootkit on my computer, since I play on Linux through Wine/Lutris, which doesn’t support kernel drivers at all.
Players of Riot’s games will have to ask themselves if they trust Riot to install a rootkit with complete and full access to their system – browsing history, chat logs, email, everything. You have to trust Riot when they say the rootkit is “secure” and won’t be exploited by malicious third parties, and that the company itself won’t use it to invade your privacy.
Interesting sidenote: Riot Games is owned by the Chinese company Tencent, the company behind WeChat. Tencent is, for all intents and purposes, an arm of the Chinese government, so not only do you have to trust Riot Games, you also have to trust their owner, Tencent, as well as who Tencent literally answers to – the Chinese government.
I’m not going to tell anyone what they should or should not do with their computers, and if you trust Riot, Tencent, and the Chinese government enough to let them install a rootkit on your computer, then that’s your right to do so. However, I do feel users need to be at least aware of the choice they’re making.