1

Recently, I have downloaded a game from Steam. I wondered whether it was somehow possible to alter the data of the game and replace it with malware without the computer it was sent to noticing. Basically, is it likely that I became a victim of a MITM attack? And is the method of checking for time delay to detect tampering effective? And what about other ways of not allowing changed incoming traffic?

DaddyMike

1 Answer

0

Rephrasing your questions a little:

Is it possible to alter the data of the game and replace it with malware without Steam's servers noticing?

It is possible.

Is it likely?

No, for the reasons listed in the "other ways" section.

Can time delay be used to detect tampering?

No. Networks are unreliable, so this would create too many false positives. Also, in order for this Man-in-the-Middle attack to work at all to replace a specific game, the attack needs to be prepared beforehand. In the extremely unlikely chance that it's attempted, you would probably get the maliciously doctored game faster than you'd get an original copy.

Other ways to prevent this attack?

  • Use TLS (SSL) to encrypt the data as it is being sent to you. An attacker would have had to have already compromised your computer to be able to decrypt and change the data while it's being sent to you.
  • Verify the file's integrity; that it is the right size and the right hash can be calculated from it.

Steam already does both of these things, and can be directed to re-check the files after installation as well. The way to beat the file integrity check is, again, to already have malware on your computer that is showing you intentionally incorrect data.

Essentially, unless you're a target of a State-Level Actor (CIA, MI6, etc.), someone did not swap your game with malware while you were downloading it. You would know if you were already such a target.

Ghedipunk
  • Does the calculation of hashes automatically happen after download or does it have to be manually checked? If it doesn't happen immediately then is it possible that the malware replaced the files to be checked with the correct ones but is still present on the computer? And how can the Steam servers even notice tampering if the files are sent to me, not them? – DaddyMike Nov 15 '19 at 22:01
  • The calculation is done automatically as part of downloading and installing... And the server doesn't need to notice the tampering, the Steam client is the important part. – Ghedipunk Nov 15 '19 at 22:20
  • But if it's up to the Steam client to verify the hash, then how does it get the hash to verify with? If it's sent together with the files then it could be tampered with too? – DaddyMike Nov 16 '19 at 10:40
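
The size-and-hash integrity check described in the answer, as an added example that is not part of the original thread and is not Steam's own code. The manifest format `{relative_path: (size, sha256_hex)}` and the file names are assumptions made up for illustration, and the manifest is assumed to have arrived over an authenticated channel such as TLS, since a manifest delivered unauthenticated alongside the files could be altered together with them.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large game assets are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify_install(root, manifest):
    """Check files under root against the (hypothetical) manifest; return {rel_path: problem}."""
    root = Path(root)
    problems = {}
    for rel, (size, expected) in manifest.items():
        path = root / rel
        if not path.is_file():
            problems[rel] = "missing"
        elif path.stat().st_size != size:
            problems[rel] = "size mismatch"   # cheap check before hashing
        elif not hmac.compare_digest(sha256_file(path), expected.lower()):
            problems[rel] = "hash mismatch"
    # Files on disk that the manifest does not list are reported as well.
    for path in root.rglob("*"):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and rel not in manifest:
            problems[rel] = "not in manifest"
    return problems

def demo():
    """Constructed sample: one intact file, one altered at equal size, one extra."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        original = {"game.bin": b"original game data", "data/level1.pak": b"level-one"}
        manifest = {}
        for rel, data in original.items():
            manifest[rel] = (len(data), hashlib.sha256(data).hexdigest())
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        (root / "game.bin").write_bytes(b"tampered game data")  # same length
        (root / "extra.dll").write_bytes(b"unlisted")
        return verify_install(root, manifest)

if __name__ == "__main__":
    print(demo())
```

The altered file in the constructed sample keeps its original length, so the size check passes and only the hash comparison catches it.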