0.32.5 is the most urgent an update has been released and I didn't notice it until two days after it released. Why are the patch notes so vague? And why are mod approvals suspended until further notice? What is going on?
wait I think I remember some sort of hack going around that exploited a beam vulnerability through mods --- Post updated --- it's probably related to that
yeah... the name change was done a few days ago. The main reason was that there was a Steam scammer going around using my name and obviously I didn't want to be associated with that guy. And btw: if any of you got a Steam message with a guy using my previous name asking you for gift cards or anything, that was not me!
yeah BeamNG has gotten front-and-center attention by everyone, including law enforcement (possibly due to it being theft of confidential information). I wouldn't be surprised if they halted everything due to an investigation, that might include current development.
it was the same group that hacked Disney, but the beam exploit was not used in the hack to my knowledge, and even if it was used, why would beam be at fault that the hackers hacked them?
yeah, I mean the Beam even warns not to download from these shmitty Russian sites and if the employee is just too incompetent to not download everything without checking, he shouldn't even be working for such a company in the first place
supposedly a modland mod (supposedly a mk4 golf leaked mod) on some Disney guy's work computer and that's how he got hacked I think they are trying to patch the hack but workarounds may have been found so that's why the .32.5 update. most likely someone has tried to upload viruses to the repository and since they may be hard to check for the virus they have just halted any mod uploads until they can fix it
I doubt they allow obfuscated code in repository mods which means it'll be pretty much impossible for malicious code to go unnoticed on the repo, though they might double down on their verification process especially if there are lua scripts, even more so if said scripts contain calls to the LuaJIT FFI library (which I'd be willing to bet is the case only for a very tiny minority of mods on the repo). Patching the actual vulnerability might be tricky, because running C code is a part of LuaJIT and from what I've seen looking at vanilla code it's used quite a bit. We might see something along the lines of an in-game "antivirus" that detects mod scripts that contain the FFI library and blocks loading of that script during game start unless it's a verified repo mod or has been manually added to a whitelist by the player, with some UI message after launch about potentially dangerous mod files being detected. At this point if you're seeing that message after installing some modland meshslap on your 80+ billion dollar yearly revenue company work computer and you allow it to load, there's nothing anyone can do to help you.
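The load-time check sketched in the post above, as an added example (not BeamNG's code and not part of the original post): a Python scanner that flags mod scripts referencing the LuaJIT FFI and blocks them unless the mod is a verified repo mod or the script's hash is on a player allowlist. The function names, decision labels and sample archive contents are hypothetical and constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Textual signs of LuaJIT FFI use. Comments are deliberately NOT stripped first:
# for a block/allow decision a false positive is cheaper than a missed script.
FFI_PATTERNS = [
    re.compile(r"""require\s*\(?\s*(["'])ffi\1"""),          # require("ffi") / require 'ffi'
    re.compile(r"\bffi\s*\.\s*(cdef|load|C|cast|new)\b"),    # ffi.cdef, ffi.load, ffi.C ...
]

def scan_mod(zip_bytes, verified_repo_mod=False, allowlist=frozenset()):
    """Return (path, sha256, decision) for every .lua script in a mod archive."""
    results = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".lua"):
                continue
            data = zf.read(info)
            digest = hashlib.sha256(data).hexdigest()
            text = data.decode("utf-8", errors="replace")
            uses_ffi = any(p.search(text) for p in FFI_PATTERNS)
            if not uses_ffi:
                decision = "load"
            elif verified_repo_mod or digest in allowlist:
                decision = "load-ffi-approved"
            else:
                decision = "block"   # surface a UI warning to the player here
            results.append((info.filename, digest, decision))
    return results

def build_sample_mod():
    """Constructed sample archive: one plain script, one FFI script, one non-Lua file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lua/paint.lua", "local M = {}\nM.ready = true\nreturn M\n")
        zf.writestr("lua/helper.lua",
                    "local ffi = require('ffi')\nffi.cdef[[ int getpid(void); ]]\nreturn {}\n")
        zf.writestr("vehicles/sample/info.json", "{}")
    return buf.getvalue()

if __name__ == "__main__":
    for path, digest, decision in scan_mod(build_sample_mod()):
        print(f"{decision:18} {digest[:12]} {path}")
```

A text match like this only works on scripts that are not obfuscated, which is why the post's assumption that the repository rejects obfuscated code matters for this kind of check.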
I mean that multiple ppl might have tried to upload it and in case it gets past them they have stopped repo uploads temporarily
I really hope this serves as a clear example of why you should never download mods from any other website that isn't the Official Beamng Forums or Repository, and hopefully we can get each one of them banned out of the internet
Does anyone know if there’s proof showing the supposed hacker/hackers claimed it was a Disney manager downloading a game mod? They’ve been plastering malware all over the internet, and a few sources use them as their reference. But after looking at their site and Twitter all I see is a fabricated publicity stunt identity and motives alongside a few flaunty blog posts. Nothing reputable outside of news sources (which are known for snowballing off of each other and get things wrong) indicates the Disney situation was even tied to a game mod.
The only "source" I could find which talked about a beamng mod was from a Gaming Newspage called "PCGamer" which does not have any actual proven source: https://www.pcgamer.com/software/se...-and-says-its-because-club-penguin-shut-down/ More trustable sources like BBC News DO NOT mention anything related to beamng nor any game mod: https://www.bbc.com/news/articles/cprq1d280ggo Same with CNN, who claims the hacker had access to "cookies" and was Russian: https://edition.cnn.com/2024/07/15/business/internal-disney-slack-leak-hacker-group/index.html Then there's this other website called "Cybersecuritynews" where they talk about the user NullBulge and his "hacking methods" which he used to leak Disney's data. Here it is also mentioned that he targeted beamng players so that kind of implies he used mods to do so: https://cybersecuritynews.com/tools-used-nullbulge-disney-slack-leak/ Again, this might not be a trusted source. Edit: there's another post by "TheDrive.com" where it is indeed claimed the hack was done through a beamng mod: https://www.thedrive.com/news/cultu...ng-sim-to-pull-off-massive-disney-data-breach I do not know how trustable this news source is though.
The mentioned privilege escalation exploit has already been fixed since version 0.32.3 on the 09.07.2024 aka a month after its report which happened on the 03.06.2024. The reason why users or companies may have a case is not just because it took that long to fix it, but also because the company didn't warn their users about it as soon as they got to know about it (maybe commercial users got warned? idk). Even after the fix, there was no statement about it. That's where I see potential liability. But be aware that not just luajit can be the cause to escape the environment, the cef of the game is also super old and likely attackable if you just give it a dive. Good that there are some people looking into each and every part of this game right at this moment to find everything that could maybe be misused. The fix in 0.32.5 is pretty much just another outcome of that. Which is good, but I'd wish the company to be more open to its users when someone discovers something not just insiders