Modder says Elden Ring may be vulnerable to the same security flaws as Dark Souls
Users who found the exploit suspect the new game could suffer the same issues.
The security vulnerability that has kept the Dark Souls series offline on PC for over a week could affect Elden Ring, according to a report by VGC. Dark Souls: Remastered and Prepare to Die Edition, Dark Souls 2, and Dark Souls 3 players have all been susceptible to one or more remote code execution vulnerabilities, which could allow a malicious hacker to take control of their PCs. One modder who reported an exploit believes Elden Ring could face the same problem because it uses the same netcode.
"I’ve had the chance to see code from the closed network test and can already tell you that there are a lot of crashes and vulnerabilities in Elden Ring’s netcode, the exact same ones as in Dark Souls 3 actually! So, I suspect it’s going to take five minutes for cheaters from Dark Souls 3 to port their scripts to Elden Ring and make release day a hellscape," said LukeYui, the creator of Blue Sentinel, a mod that fixes over 100 cheats in Dark Souls 3.
According to Elden Ring's EULA, the game uses EasyAntiCheat. Another person who discovered the most recent exploit told VGC that EasyAntiCheat will only create a higher barrier to entry for cheaters—the vulnerabilities in the game's code will still exist for anyone who does break through EasyAntiCheat, they said.
Apart from taking the games' PvP servers offline, FromSoftware and Bandai Namco have said little else about how they're addressing the security flaw. We contacted the publisher about it but have yet to receive a response.
LukeYui said they have found similar issues with Dark Souls 3 in 2019 and made reports to Bandai Namco. Though the publisher has fixed some of the minor issues, the majority of them have been left unfixed.
When Dark Souls 3 launched in 2016, it included an issue called "item injection," where players would shove hacked items into the inventory of other players which permanently broke their other items. The Souls games have a long history with PvP exploits and hackers stretching all the way back to Demon's Souls in 2009. It'd be nice to play Elden Ring in peace when it's out later this month—hopefully FromSoftware can at least address the most dire vulnerabilities in the day one patch, since Elden Ring has already gone gold.