In October, Activision announced it had fixed a flaw in its Ricochet anti-cheat system that caused “a small number” of legitimate Call of Duty players to be mistakenly banned. However, according to the hacker who exploited this bug, the issue was far more extensive. The hacker, known as Vizor, claims to have banned “thousands” of players, framing them as cheaters by manipulating the anti-cheat mechanism.
Vizor explained that they had discovered a way to trigger Ricochet’s ban function through a simple in-game private message, or “whisper.” Ricochet’s anti-cheat system relied on certain hardcoded text strings, or “signatures,” to identify cheats. One example was the term “Trigger Bot,” which refers to an automated cheat that triggers a player’s weapon when it locks onto a target. By sending an unsuspecting player a message containing a flagged keyword, Vizor could get that player banned.
“I could have kept using this exploit indefinitely, as long as I avoided targeting well-known players,” said Vizor, calling it “funny to abuse.” In fact, Vizor even developed an automated script that would join games, post a message containing a flagged keyword, leave, and repeat, allowing them to keep banning players even while they were offline.
Zebleer, a known developer in the Call of Duty cheating community, introduced Vizor and revealed they had observed Vizor’s exploit firsthand. Zebleer also published the exploit details, ultimately bringing the flaw to Activision’s attention.
Hackers have long targeted online games to gain advantages, and selling cheat programs has become a significant market. In response, companies like Activision have employed advanced anti-cheat systems. Ricochet, released in 2021, was designed to detect unauthorized behavior by scanning a player’s device memory, and it operates at the kernel level for enhanced security. However, Vizor’s discovery exposed a vulnerability in this system: Ricochet’s reliance on basic string recognition made it susceptible to manipulation.
Vizor initially tested the exploit by sending a flagged message to themselves, leading to an instant ban. The hacker described the Ricochet system’s approach to memory scanning as “prone to false positives,” questioning why Activision’s system would ban based on simple string matches without context.
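The false-positive class described above can be shown with a simplified model, added here as an illustration and not taken from Ricochet or from Activision's fix, which the article does not describe. It compares context-free string matching with a scan that only treats a hit as ban-grade when it sits in executable memory that is not tagged as holding data received from other players. The `Region` model, its field names and the sample buffers are assumptions constructed for the example.

```python
from dataclasses import dataclass

# "Trigger Bot" is the one flagged string the article names.
SIGNATURES = [b"Trigger Bot"]

@dataclass
class Region:
    """One mapped memory region in a toy model of a game process (hypothetical)."""
    name: str
    executable: bool  # True for loaded code, False for heap/stack data
    untrusted: bool   # True if the bytes arrived from another player (chat, names)
    data: bytes

def naive_scan(regions):
    """Context-free matching: a signature anywhere in memory is a detection."""
    return [(r.name, sig) for r in regions for sig in SIGNATURES if sig in r.data]

def context_aware_scan(regions):
    """Same signatures, but a hit is ban-grade only when it is in executable
    memory that does not hold remote input. Other hits go to manual review."""
    verdict = {"actionable": [], "review": []}
    for r in regions:
        for sig in SIGNATURES:
            if sig not in r.data:
                continue
            ban_grade = r.executable and not r.untrusted
            verdict["actionable" if ban_grade else "review"].append((r.name, sig))
    return verdict

# Constructed sample: a legitimate player who only received a whisper.
VICTIM = [
    Region("game.exe .text", True, False, b"\x55\x48\x89\xe5 render loop"),
    Region("chat_rx_buffer", False, True, b"[whisper] want a Trigger Bot?"),
]
# Constructed sample: a process with an unknown code module carrying the string.
CHEATER = [
    Region("game.exe .text", True, False, b"\x55\x48\x89\xe5 render loop"),
    Region("unknown_module.dll", True, False, b"\x90\x90 Trigger Bot enabled"),
]

if __name__ == "__main__":
    print("naive, victim:  ", naive_scan(VICTIM))          # false positive
    print("context, victim:", context_aware_scan(VICTIM))  # review only
    print("context, cheat: ", context_aware_scan(CHEATER)) # actionable
```

The naive scan cannot distinguish the two processes, because the signature match carries no information about who put the bytes there.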
A former Activision employee, speaking anonymously, confirmed that Ricochet’s anti-cheat was indeed using specific keywords to detect cheats. They added, “It’s shocking that [Activision] allowed bans based on such simple memory scans. They should have protected these detection methods better.”
During the months Vizor exploited this vulnerability, some prominent players were mistakenly banned. Some were later unbanned after the issue became public and Activision resolved the flaw.
Reflecting on the aftermath, Vizor noted, “It was satisfying to see it fixed and players unbanned. I had my fun.”