Among Us is a role-playing game that has a similarity to the game genre “werewolves”. Even so, many players are complaining about the game cheating.
With simple graphics, easy-to-understand storyline, Among Us is creating a fever among young people. As of the end of September 2020, the game has more than 86.6 million downloads on mobile devices worldwide.

However, on November 17, James Sebree, a researcher at security firm Tenable, announced a series of vulnerabilities that allow users to cheat in the game.

On his personal blog, Sebree said that after 2 months of monitoring, he can control his character to destroy any player at will, even impersonating another player, teleporting or teleportation. across the wall. At the end of September, Sebree and a few friends began looking at Among Us’s programming code, in hopes of fixing the default number of people joining the game.

“When I started digging into the game, I noticed a bunch of problems, any kind of hack can happen,” remarked Sebree.

According to Sebree, the crux of security flaws originating from the server. They are not designed to authenticate information running on a user’s computer, which is a basic anti-fraud measure in most PC games.

Through the dnSpy and IL2CPP tools, Sebree was able to reverse everything. He creates a modified version of Among Us and sends these dummy data to the server.

James Sebree was the first person to fully disclose these acts, but not the only one to commit fraudulent manipulations.

Since the beginning of October, many players Among Us have started complaining about hacking in the game. Some players have even been sent a series of spam emails calling for supporting President Donald Trump’s election. Sebree believes he can reproduce the attack thanks to the holes in the game.

After being contacted by Wired, Innersloth, developer Among Us, said the company is still looking into this situation. Before that, Sebree has repeatedly contacted Innersloth to share his findings.

According to Sebree, some errors such as changing character colors, identifying villains or destroying other players have been immediately fixed. Even so, some other bugs still work. These vulnerabilities are all the result of a lack of data validation from the server, but some will require a separate patch.

Not only Among Us, Sebree also owns a “collection” of hacking techniques in Fall Guys, another famous game. If developers use tools like Unity to reduce barriers when building games, basic bugs like this will inevitably happen.

However, Sebree is still hoping that his findings will motivate developers to better secure their games.