The prize for The International, a massive professional tournament for the video game Dota 2, is over $23 million and still growing as a percentage of player purchases goes toward the pot. That’s more than double what’s offered at the U.S. Masters, and a little more than half the total purse for Wimbledon. In other words, there are serious incentives for cheating — which is why it’s so interesting that two security researchers, Mark Williams and Rob Stanley, have figured out how a player could hack their mouse to circumvent anti-cheating protections.
Computers at esports tournaments are highly isolated. They run on a local network operated by the tournament administrators, so there typically isn’t any internet access to download cheats. The computers’ extra USB ports are disabled, so that means secretly sticking in a cheat-filled USB drive isn’t possible. Each player has their own tailored hard drive supplied by the tournament organizers with keyboard and mouse drivers pre-installed, but those are typically set up so that only a few applications can run, such as the game client itself.
There’s one weak point: Players are allowed to bring their own high end mice and keyboards. That’s because these players have sponsorship deals with companies like Logitech and Razer, and rely on their specific gear in the same way a tennis player would prefer a certain racket.
At this year’s DEF CON hacker convention in Las Vegas, Williams and Stanley demonstrated how a player could exploit this rule in order to gain an edge. Fancy gaming mice are not like regular mice: They contain an ARM microprocessor to ensure high fidelity, speed, and precision. In other words, the mouse is also a computer. These mice also have memory that can store data, which allows them to retain user settings between multiple computers. The researchers took apart the mouse, soldered three wires to its circuit board in order to gain access to the microprocessor, rewrote its embedded software, and added the payload — the hack itself — to the binary code of the microprocessor.
When the hacked mouse is then plugged into the computer, it’s recognized as a keyboard instead of a mouse. The cheat program opens a text editor, writes out some code using its “keyboard,” saves it as a .bat file, and runs the just-written program. Then the mouse returns to being a regular mouse so the player can use it in the game.
Such a hack could be used to make tiny modifications, such as moving a shot from a gun three pixels so that it inflicts slightly more damage. When video games are played at such a high level, even just a small, unnoticeable advantage can be a huge leg up.
This cheat is not entirely practical, since a cheater would have to make sure no one could see what was happening on the screen as the mouse wrote its code. But game companies that administer these tournament would likely be concerned. Cheating damages a tournament’s reputation and cause a logistical crisis around retracting the results.
That’s probably why, at the end of the talk, an employee at Electronic Arts — which owns and operates multiple professional video game titles — walked up to the stage and handed Williams his business card.