Riot’s Vanguard Anti-Cheat Remains a Security Risk
Concerns about VALORANT’s anti-cheat measures started to surface a few days after the launch of the closed beta in early April. Reddit user u/voidox did some digging into the anti-cheat software and published their security concerns on r/PCgaming. Riot has sought to address these concerns and reassure players that their data is safe, but it hasn’t fixed any of the security flaws that people are concerned about.
Although the company has recently made some updates that give players the ability to disable the tool when not playing VALORANT, many security experts are still raising red flags about how the tool works in the first place.
Anti-cheat systems are essential to creating and maintaining the competitive integrity of any online multiplayer game. This is particularly the case when the game is free-to-play, like VALORANT. Free-to-play titles often suffer from a high percentage of cheaters. After all, if cheaters get caught cheating on a free account, receiving a ban costs them nothing. VALORANT is designed from the ground up to be a highly competitive game, so cheaters represent a huge threat to the legitimacy and enjoyment of the game. That is where Vanguard comes in.
Vanguard is Riot’s custom anti-cheat solution, tasked with automatically detecting and banning cheaters in online matches. According to Riot Games’ Vanguard support page, “Riot Vanguard is Riot Games’ custom game security software, designed to uphold the highest levels of competitive integrity for our offerings. Riot Vanguard consists of a client that runs while VALORANT is active, as well as the usage of a kernel mode driver.”
The kernel mode driver runs in the background of your system unless manually turned off by the user. Vanguard doesn’t consider a computer to be trustworthy unless the kernel driver launches at system startup and runs continuously in the background. According to Riot’s anti-cheat lead Paul Chamberlain in a post on Reddit, “This is good for stopping cheaters because a common way to bypass anti-cheat systems is to load cheats before the anti-cheat system starts and either modify the system components to contain the cheat or to have the cheat tamper with the anti-cheat system as it loads. Running the driver at system start up time makes this significantly more difficult.”
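A defender's check that follows from the load-at-startup design described above, as an added example (not from the article or from Riot): this PowerShell lists kernel-mode drivers configured to start at boot, system or auto start, and shows who signed each one. The function names are hypothetical, and the script does not single out any product's driver by name; it assumes an elevated session on Windows.

```powershell
# Added example: inventory drivers that load into the kernel at startup.
# Uses only built-in cmdlets (Get-CimInstance, Get-AuthenticodeSignature).

function Resolve-DriverPath {
    param([string]$PathName)
    # Driver image paths may carry NT-style prefixes; normalize to a Win32 path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-StartupKernelDriver {
    # Win32_SystemDriver covers kernel and file-system drivers, all of which
    # run in kernel mode. Boot/System/Auto start modes load without user action.
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.StartMode -in 'Boot', 'System', 'Auto' } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            $sig = $null
            if ($path -and (Test-Path -LiteralPath $path)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $path
            }
            $signer = '(unsigned or unverifiable)'
            if ($sig -and $sig.SignerCertificate) {
                $signer = $sig.SignerCertificate.Subject
            }
            $status = 'FileNotFound'
            if ($sig) { $status = $sig.Status }
            [pscustomobject]@{
                Name      = $_.Name
                StartMode = $_.StartMode
                State     = $_.State      # Running / Stopped right now
                SigStatus = $status
                Signer    = $signer
                Path      = $path
            }
        }
}

# Third-party code is the interesting part: hide drivers signed by Microsoft.
Get-StartupKernelDriver |
    Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object StartMode, Name |
    Format-Table -AutoSize -Wrap
```

Comparing the output before and after disabling or uninstalling a product shows whether its driver is still registered to load at the next startup.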
Why people are concerned
Although the Vanguard system is undoubtedly very effective against cheaters, it also exposes users to privacy risks. The invasive nature of the Vanguard system has left many gamers and experts concerned that the anti-cheat system could be used to compromise players’ machines, leading to the question: is it actually safe to install Vanguard on your computer?
Riot claims that there is nothing to worry about, saying, “Both the client and the driver of Riot Vanguard have been developed in-house, with both game safety and personal computer safety being a priority. We’ve made this commitment through extensive testing and by reviewing the product both internally and with external security reviews by industry experts.”
This explanation, however, has not been enough to satisfy many security experts who would prefer Riot rethink their anti-cheat strategy. We talked to Tyler Humphries, a Global Operations Engineer who specializes in security vulnerabilities, to better understand the implementation of the Vanguard anti-cheat system.
“My main concerns are the intrusive nature of Vanguard, due to it running on boot and at kernel level, there is the potential for abuse by either a malicious actor or Riot themselves,” Humphries explained. “To oversimplify it, kernel mode is basically giving an application unfettered access to your computer. This allows an application to view and alter anything running on your PC. The benefits of this when running anti-cheat is the application is capable of seeing any potential cheats without having to worry about permission levels. My concern would be that it can also see anything else on your computer. Vanguard is a huge violation of privacy and ripe for abuse. All it would take would be one vulnerability, or one malicious actor at Riot pushing some nefarious code, and millions of users could have their data compromised.”
Humphries cited a number of potential threats for those who are running Vanguard, including keyloggers to steal your online passwords, bitcoin miners being installed on machines, or even the infection of a larger network of machines with malware. According to Humphries, as far as the possible abuse of this system goes, “the sky is the limit.”
The Changes to Vanguard Did Not Fix the Security Flaws
In response to the backlash, Riot Games released an update for Vanguard which allows players to disable it via a system tray icon. If players do disable it, they will have to reboot their computer before playing VALORANT again. The company has also made it easier to uninstall Vanguard. However, these changes do not address the root of the problem, according to Humphries.
“I appreciate that Riot is being more transparent as to when Vanguard is running and making it easier to disable Vanguard for your typical user, but essentially nothing about the application has changed,” he explained. “If you had security concerns, they still exist. Yes, in theory you could play VALORANT in a safer way by uninstalling Vanguard when you are not playing it, and then reinstalling and rebooting your computer when you want to play VALORANT, but that’s a lot of effort, and people are lazy. All it takes is one instance of ‘I’m going to play VALORANT tomorrow, I’m not going to bother uninstalling it tonight’ and your data could be compromised.”
Humphries went on to say, “I think a serious question we all need to ask ourselves is what level of our own personal privacy are we willing to compromise to play a video game? I applaud Riot for truly desiring for a fair and level playing field for all players, but in what instances does it truly matter? It sucks when you lose to a cheater, it’s upsetting, but in the grand scheme of things, it doesn’t really matter. I’ll report the player, finish the match, and move on with my life. The risk of Vanguard compromising all my private data is much more concerning to me, than the inconvenience of losing to a cheater.”
It’s a good thing that Riot wants a foolproof anti-cheat system, and running anti-cheat at the kernel level can even be acceptable if it only runs while the game is being played. However, having a system-level driver run constantly is an extreme measure and a disproportionate security sacrifice to make for the sake of cheat prevention in a game. It seems like other competitive games haven’t needed such invasive methods, so why should VALORANT?
Humphries addressed this question, saying, “I’m not a developer, so I won’t even pretend to understand what goes into designing anti-cheat and how to make it function correctly. But I would prefer Riot offer a solution similar to one of their competitors. Yes, CS:GO, Overwatch, and Rainbow 6 Siege all have cheaters, but all of those games still have thriving communities of players enjoying themselves. Good anti-cheat is obviously important to a fun experience, but based on the community size, and my anecdotal experience with these games, their anti-cheat appears to be sufficient enough to still build massive player bases. Essentially what I want is less intrusivity, and less potential for abuse.”
The issues raised by Tyler Humphries and other security professionals should be concerning to anyone who wants to play VALORANT. Riot Games wants VALORANT to maintain a massive, active player base. Every single one of those active players could be affected by these issues if Riot’s security is compromised. Riot is asking for players to trust them with all of their data and that’s a pretty big ask, regardless of how effective Vanguard is at detecting cheaters.