Hacker says they banned ‘thousands’ of Call of Duty gamers by abusing anti-cheat flaw

A hacker exploited Call of Duty's anti-cheat to ban players.

: A hacker named Vizor exploited a flaw in Activision's Ricochet anti-cheat system to falsely ban thousands of Call of Duty players. The method involved sending a message with banned keywords to trigger automatic bans, taking advantage of Ricochet's reliance on hardcoded string detections. Although Activision claimed the issue affected only a few legitimate users, Vizor's actions went unnoticed for months, affecting numerous accounts, including some streamers. Activision was unaware until the exploit details were published, prompting a fix and reinstatement of banned accounts.

In October, Activision addressed a bug in its anti-cheat system, Ricochet, which was reportedly affecting a limited number of Call of Duty accounts. However, a hacker known as Vizor revealed to TechCrunch that they utilized the flaw to unjustly ban thousands of players, exploiting the anti-cheat's reliance on hardcoded keyword strings to identify cheaters.

Vizor discovered that by sending in-game 'whisper' messages containing specific keywords, they could provoke the system into banning innocent players. This method allowed Vizor to frame legitimate players as cheaters, taking advantage of Ricochet's scanning method that searched for particular signature strings without evaluating context, leading to numerous false bans.

In collaboration with cheat developer Zebleer, Vizor automated the exploit, continuously banning players even while away. They targeted various players, including popular streamers, until publicized details revealed the issue, prompting Activision to rectify the bug and reverse the resulting bans. The situation highlighted vulnerabilities in the anti-cheat system's design and the broader landscape of cybersecurity tactics within gaming.