A hacker claims to have exploited an issue in Call of Duty’s Ricochet anti-cheat system, resulting in the wrongful banning of “thousands upon thousands” of Modern Warfare 3 and Warzone players.
The exploit, which Activision confirmed was fixed last month, initially led to the wrongful banning of a “small number of legitimate players.” However, the hacker, known as Vizor, argued that the scale was much larger than reported, as previously suspected.
Speaking to TechCrunch, Vizor revealed the simplicity of the method, saying they could have continued undetected. “I could have done this for years and as long as I target random players and no one famous, it would have gone without notice,” they said.
The claimed exploit itself was surprisingly straightforward. Vizor discovered that Ricochet was scanning for hardcoded text strings used to flag cheaters. By sending players messages containing these specific strings, Vizor triggered automatic bans.
Ricochet was launched as Call of Duty’s anti-cheat system in 2021.
For instance, one such string was “trigger bot,” a common cheat that automatically fires a weapon when a target is in the crosshairs.
To maximize the impact, Vizor created a script that automatically joined games, posted the trigger strings, and left, repeating the process to trigger more bans.
The hacker explained that they focused their trolling efforts whenever the Ricochet anti-cheat team added new trigger words. Upon finding a new one, they would use it extensively to make it appear as though Ricochet was detecting legitimate cheaters.
Ricochet’s exploit allegedly went unnoticed until a cheat developer, Zeebler, exposed the issue on Twitter/X, alerting Activision.
The developers ultimately ended up patching the flaw, unbanning affected players. “It was nice to see it get fixed and see unbans. I had my fun,” Vizor ended by saying.
With CoD’s Season 1 launching on November 14, you can check out everything coming to Black Ops 6 and Warzone.