Many game genres, such as e-sports, real-time strategy games, and MOBAs, have been under increasing threat from advanced cheaters and hackers. The game industry suffered from more than 12 billion cyberattacks in 2019 alone, and a recent global gaming study revealed that 60% of gamers have had their multiplayer gaming experience negatively impacted by cheating.
While publishers and developers are increasingly aware of the risks to their revenue and proprietary game logic, many continue to decry hacking and cheating as simply the cost of doing business. This sentiment is eerily similar to how many enterprises viewed proliferating cybersecurity risks in the late 2000s and early 2010s, before cyberattacks became so commonplace that they couldn’t ignore them anymore.
Fortunately, the tech giants behind several of the top game consoles are beginning to understand the threat, taking actions to help game publishers and developers mitigate risk. Just last month, Sony announced that it was making Denuvo’s anti-cheat API available to all game publishers and developers via the PlayStation 5 Tools and Middleware program.
Adversaries make the shift to mobile gaming
While vulnerabilities remain high, hackers and cheaters have taken notice of the industry’s evolving security mindset, facilitated in large part by players sick and tired of disruption to their gaming experience. Thus, hackers and cheaters have slowly begun to reprioritize their targets, moving toward mobile gaming. Now mobile gaming cheats are increasingly being sold on cheat forums and encrypted websites, and earlier this year police busted what has been called the world’s largest video game cheat operation — seizing the assets of an operation called “Chicken Drumstick,” which sold cheats to popular games like Call of Duty Mobile.
GamesBeat Next 2023
Join the GamesBeat community in San Francisco this October 24-25. You’ll hear from the brightest minds within the gaming industry on latest developments and their take on the future of gaming.
When a game is targeted by hackers and cheaters, the entire integrity of the game is put at risk. Gamers are motivated by the possibility of winning, and when cheaters disrupt that — such as with the major cheats on Call of Duty Mobile or Fortnite — they can become disengaged. For a $174 billion dollar industry, the loss of players disgruntled by cheaters with an unfair advantage can be detrimental.
The mobile gaming threat landscape is vast, with five key threats posing a risk to game publishers and developers. Those include:
- Redistributing apps to ship malware and/or steal information
- Replacing the original payment and ad settings
- Bypassing in-app billing to fast-track game progress
- App piracy, cloning, and copycatting
- Multiplayer cheating
Unfortunately, modifying app packages isn’t a particularly difficult task for hackers and cheaters to pull off, as many tools exist to make this process quite trivial. In most situations, bad actors simply need to analyze an application and find code or data to patch. They can then modify the application code or data and repackage the app for distribution on any of the thousands of cracking sites.
Readily available memory editors also simplify the process for hacking mobile gaming apps. With such tools on hand, adversaries can automate the process of searching for sensitive code or data to alter.
Reducing mobile gaming cyber-risk before it’s too late
The mobile gaming industry is expected to surpass $100 billion in revenue by 2023 unless the hacking and cheating epidemic begins to turn users away from the platform at scale. According to a Global Gaming Survey, 78% of gamers say they would leave a game if there are cheaters, and 46% said that they are less likely to buy in-game content if they encounter cheating. Fortunately, there are countermeasures that can be put in place to reduce risk and secure the gaming experience.
First, game publishers and developers should implement security by design, shifting logic to the server, enacting a zero-trust policy with the client, securing server APIs and validating all client input. This layer of protection should be supplemented with passive prevention, which can make it hard for an attacker to understand what to attack via obfuscation of important data and game state. Finally, a layer of active prevention – including procedures and techniques like integrity verification, anti-debugging, hook detection, root detection, protection against memory editors and emulator detection – can help mitigate risk by performing integrity verification, impeding debugging and hooking attempts and performing root detection.
There is a misconception that mobile games protection is meant only for the blockbuster games from triple-A studios. The truth is that such protections are important for all games. It’s important to utilize a solution that is affordable, easy and fast to implement, doesn’t require any game source code modification, and most importantly, has zero impact on a legitimate gamer’s in-game experience.
Hackers and cheaters will always follow the money, and unfortunately the illusion of riches has brought them to mobile games. Now it’s up to everyone in the mobile gaming ecosystem — from game publishers, developers and operators to the platforms and players themselves — to do their part in reducing risk so as to ensure an optimal gaming experience. The future of mobile gaming is dependent upon our collective success.
Reinhard Blaukovitsch is the founder and managing director of Denuvo by Irdeto, where he is responsible for leading strategy and management of the gaming segment.
GamesBeat's creed when covering the game industry is "where passion meets business." What does this mean? We want to tell you how the news matters to you -- not just as a decision-maker at a game studio, but also as a fan of games. Whether you read our articles, listen to our podcasts, or watch our videos, GamesBeat will help you learn about the industry and enjoy engaging with it. Discover our Briefings.