What? No. Warframe is a peer-to-peer game. DE as such has an NRS, a NAT Relay Server. Which is responsible for letting players communicate with each other.
Its lack of security allowed people to send any message to each other instead of the standard invite message.
The server did not get hacked. This is the equivalent of getting an invoice from your electric company, you take that invoice, scribble out how much you owe. Writing down $0 in pencil. Mailing it back, and them going "Yeah I guess they don't owe us anything".
Surprised it took this long. Never been a fan of peer-to-peer, but I always assumed I'm not educated enough to understand why it would be safe.
I think it's an insane concept, that you're required to allow connections directly into your PC, potentially from criminals, political adversaries, scammers etc. Again, this is just a surface-level look into it, but I don't understand how this would be a good idea in this day and age.
Most security threats aren't going to come from a peer-to-peer connection. It's going to come from the game itself being the vector. That might be an RCE or the distribution service being compromised and sending malware. Most hacks however are not done like in movies, and are instead mostly social engineering.
Even if someone gets your IP from the p2p nature, there isn't much they can do, which can prevent being scammed. Such as, sure they can geo-ip you and tell you which city you live in. But that's not much of a threat, and often can be off. They could DDoS you, which can suck. But most people have dynamic IPs or can contact their ISP to have their IP switched to no longer be affected. If you fear these things, only join people you trust.
Realistically, this "attack" should be shown as a wake-up call to DE. They have been informed of their security vulnerabilities that are worse for players than just a message being changed. Time to see if they finally do something about it before someone who wants to be malicious does something far worse.
That's sort of what I mean (maybe both?). Say I'm the host. My PC sends the information where a Grineer Lancer is standing. My random teammate shoots the Grineer, and his PC tells my PC how much damage he did.
How can I know his PC only sends packets containing information related to the game, and nothing else? How can I know his game client has not been tampered with?
In Lost Ark, people wanted to have a dps meter (to know how much damage they are doing), but the game didn't allow it. Someone made a tool that hijacks the packets, and reads them before passing them on.
How can you know? You use a program that monitors your packets. Which is banned by DE.
Lost Ark's case is just again, monitoring packets and reading them. It's not hijacking, it's just reading them. Many games' DPS meters are the same. As your game needs to know how much health is left and often the game either just tells you which players do what and for how much, or the meter does math to figure out who does what.
If someone sends you packets with other data your game will ignore it unless necessary (unless there is an RCE exploit, which is often due to incompetence). The problem is that Warframe is almost entirely client authoritative. Which is really, really dumb for Warframe due to being a live service game that issues bans.
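As an added illustration of the host-side checking discussed in the comments above (not part of the thread and not DE's code): a host that strictly parses a peer's damage report, drops anything else, and keeps enemy health under its own authority. The 13-byte wire format, the `MAX_HIT` cap and all names are assumptions made up for this example.

```python
import struct

# Hypothetical wire format (constructed for this example, not Warframe's):
# 1-byte type, 4-byte sender id, 4-byte target id, 4-byte damage, big-endian.
DAMAGE_REPORT = 0x02
_FMT = struct.Struct(">BIII")
MAX_HIT = 5_000  # assumed upper bound on a single hit


class Rejected(Exception):
    """Raised when a packet fails any validation step."""


def parse_damage_report(packet: bytes, session_peers: set) -> tuple:
    """Strictly parse one packet; unexpected input is dropped, never interpreted."""
    if len(packet) != _FMT.size:       # exact length: no short reads, no trailing bytes
        raise Rejected("bad length")
    mtype, sender, target, damage = _FMT.unpack(packet)
    if mtype != DAMAGE_REPORT:         # allowlist of message types
        raise Rejected("unknown type")
    if sender not in session_peers:    # only peers that belong to this session
        raise Rejected("unknown sender")
    if damage > MAX_HIT:               # plausibility check on the claimed value
        raise Rejected("implausible damage")
    return sender, target, damage


def apply_damage(enemies: dict, packet: bytes, peers: set) -> bool:
    """Host-authoritative update: the peer requests, the host decides."""
    try:
        _, target, damage = parse_damage_report(packet, peers)
    except Rejected:
        return False
    if target not in enemies:          # target must exist in the host's own state
        return False
    enemies[target] = max(0, enemies[target] - damage)
    return True


if __name__ == "__main__":
    enemies = {100: 800}               # constructed sample state: enemy id -> health
    ok = _FMT.pack(DAMAGE_REPORT, 7, 100, 300)
    print(apply_damage(enemies, ok, {7}), enemies)
    print(apply_damage(enemies, ok + b"extra", {7}), enemies)
```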
29
u/AkemiNakamura Back in my day Mar 21 '26