Riot trust Valorant's anti-cheat so much, they'll pay big bucks for exposing flaws

HomeNewsValorant

Riot trust Valorant’s anti-cheat so much, they’ll pay big bucks for exposing flawsHigh-stakes Bounty Hunting

High-stakes Bounty Hunting

ForValorant, Riot’s new Counter-Strike-with-Superpowers FPS, regular anti-cheat was never gonna cut it.From the beginning, they’ve been flaunting the shooter’s technical guts - 128-tick servers, flawless ping, and an anti-cheat system that makes it “impossible for a player to cheat in game-defying ways”. But that level of protection comes with a level of access that’s raised a fair few concerns.

In an attempt to reassure fans, Riot are awarding up to £80,000 to anyone who manages to useValorant’s anti-cheat for ill-will.

Over the last week or so, Valorant’s new “Vanguard” anti-cheat system has come under fire for its alleged invasiveness. I’m not much of a tech buff, but from what I understand, one of Vanguard’s component is a kernel-level (or Ring 0) driver that runs at start-up, with full administrator privileges. It can be removed, sure, but Valorant won’t run without it. This, naturally, raised concerns that Riot are giving themselves unwarranted access to your machine’s deepest, darkest systems.

Besides, Riot claim Vanguard “isn’t giving us any surveillance capability we didn’t already have”. In their own words, “if we cared about grandma’s secret recipe for the perfect Christmas casserole, we’d find no issue in obtaining it strictly from user-mode and then selling it to The Food Network”. Thanks, I guess?

Even if Riot don’t intend on hijacking your PC, there’s always the fear that more malicious actors could piggyback off of Vanguard. Yesterday, Riot opened up a bug bounty onHackerOne, offering increasingly lofty sums for vulnerabilities discovered in their anti-cheat system (viaKotaku).

These start high, and only get higher. Accessing admin-level privileges on a local guest account might net you $25,000 (a little over £20,000). But if you’re aiming for the big bucks, you’ll be trying to find ways to execute your own kernel-level code on a target machine without alerting the system’s user. For that, Riot are paying out a hefty $100,000 (roughly £80,777).

Riot have historically used bug bounties to hunt for vulnerabilities, but these rewards are unusually massive. Similar operations fromNintendoandRockstar, for example, cap out at about $10,000-20,000.

Unfortunately, it wasn’t ever going to be long before the cheater vs anti-cheat arms race kicked off. Last week, Riot announced they’d had tostart dishing out bans, on top of all thekey-resellers and bot accountsflooding the closed beta.