Call of Duty: New anti-cheat driver apparently already in the hands of hackers

“RICOCHET” is the new weapon in the fight against cheaters from Call of Duty: Vanguard and the Battle Royale Warzone. Part of the anti-cheat system is a kernel driver for PC, and this driver is reportedly already in the hands of hackers.

What is RICOCHET? On October 14, Call of Duty introduced its long-announced anti-cheat system called “RICOCHET”. The new system is a kind of upgrade to the security infrastructure of Call of Duty and is coming for the Battle Royale Warzone and this year’s premium title CoD: Vanguard.

It involves improved processes in the background, but also a kernel driver for the PC. The driver runs while you play Warzone or Vanguard and monitors application interactions with the shooters on the PC. One day after the presentation, this driver is reportedly already in the hands of hackers, who are probably already working on countermeasures.

Hackers are likely already using the kernel driver

How secure is this? The report about the leaked driver comes from the news site “ModernWarzone”. Initially, it was just an entry in a hacker forum, but the driver file has since spread, and it is assumed that hackers actually have the code for the driver – or at least think they do (via modernwarzone.com).

Another possibility currently is that the driver file might be a trap. According to Call of Duty, they have brought in experienced professionals in security matters for the RICOCHET system. Therefore, the driver could function as a kind of Trojan that the CoD authorities could use to track down hackers working on the driver.

Call of Duty published a report a few months ago about such Trojans, which target cheaters. Whether this is the real driver remains unclear. However, it is currently said that the leaked file is most likely part of the RICOCHET system. ModernWarzone has also spoken to an anonymous source from the cheating scene, who confirmed the authenticity of the code.

What does the leak mean for cheat protection? The damage caused by the leaked driver is likely not too significant – if it is indeed the real one. Dedicated hackers can now try for a few weeks earlier to avoid detection by the driver.

But at the latest with the official release of the driver with the Pacific Update for Warzone, the code would have landed in the hands of hackers anyway. As long as no further important information about the workings of RICOCHET is leaked, the damage is likely to be limited.

So is it really not that bad? That cannot be said for sure. However, the developers emphasize in the introduction of the RICOCHET system that the new anti-cheat system does not only rely on the kernel driver. Rather, it is a package of measures, and the driver is just one part of a complete security upgrade. The package includes:

• Server-side analysis tools
• Improved investigation processes
• Increased account security
• Kernel driver on PC

RICOCHET is more of a system designed to recognize patterns to systematically expose cheaters. The kernel driver not only functions to detect cheaters but also aims to help understand the processes involved in cheating on PC.

These experiences with cheating processes are then meant to help detect fraudsters even without the kernel driver. You can find a summary of the RICOCHET introduction here.

Call of Duty is heavily invested in the new anti-cheat system. Cheaters have firmly established themselves in the minds of many players as the major problem of modern CoDs and have loudly demanded more measures against fraudsters in recent months.

Whether the system works effectively is still uncertain. We will see that at the latest with the release of the Pacific Update for Warzone. But what you can already take a look at are some snapshots of the new Pacific map, which comes alongside the anti-cheat update: Everything about the new Pacific map in CoD Warzone – release, images & size