We’re Chris Hymes (Data Protection Officer & Chief Information Security Officer), Mark Hillick (Director of Security), Clint Sereday (Anti-Cheat Product Lead), Daniel Hu (Data Privacy Product Lead), and Warren Kenny (Application Security Product Lead). And we’re here to talk about Riot Vanguard.
We’ve discussed Vanguard in the past, but over the last week there’s been a lot of conversation about Vanguard and its kernel mode driver. The biggest concerns we’re hearing are about the security of the driver and your privacy. Our buddy Paul “Riot Arkem” Chamberlain has been addressing questions where he can, but as a group of the most unapologetically paranoid Rioters, we wanted to give Riot Arkem a little backup and give you some added insight into how Vanguard was built with security and privacy at its heart.
A Little Background on Riot Security
A few years ago, we wrote about how security has evolved at Riot. We described our approach as being:
- the guardian of Riot’s player-focused culture,
- feedback-driven and audience-focused, and
- centered around providing options, not roadblocks.
This is as true in 2020 as it was in 2017. The Anti-Cheat team made sure Vanguard was designed with our Security and Data Privacy teams coordinating closely at every stage of development. We understand the decision to run the driver component in kernel-mode can raise concerns, and that some of you want to know more about the tech behind Vanguard. We can’t get too deep into the technical specifics without potentially compromising Vanguard, but we’ll go as far as we safely can below, plus we can assure you that it has been reviewed by both internal and external security experts.
The bottom line is we would never let Riot ship anything if we weren’t confident it treated player privacy and security with the extreme seriousness they deserve. With that in mind, let’s look at our philosophy for Vanguard and the fundamentals of its architecture.
Riot Vanguard Philosophy
- Riot’s committed to achieving the highest competitive integrity in our games. We want you to play in a world where you never have to doubt your abilities or your opponent’s.
- The battle against cheats is constantly evolving and we’re always working on better ways of accomplishing our goals. Cheating has gone from merely seeking control of game client memory to methods that attempt to modify the underlying operating system.
- If anti-cheat software were only run in user-mode, its capabilities would be compromised by a cheat running at a higher privilege level. For example, some of the more advanced cheating communities have used Direct Memory Access (DMA) to rebroadcast memory to a separate computer for later processing.
- Vanguard is a solution that will help us achieve the vision of competitive integrity while enabling us to continuously adapt our arsenal in the war against cheaters.
- Vanguard does not collect or process any personal information beyond what the current League of Legends anti-cheat solution does. Riot does not want to know more about you or your machine than what is necessary to maintain high integrity in your game. The game data we collect is used for the operation of the game and integrity-related services such as Packman and Vanguard.
Riot Vanguard Architecture
- Vanguard consists of three components: the client, driver, and platform.
- The client (user-mode) handles all of the anti-cheat detections while a game is running.
  - The client needs to communicate with the platform to receive detections and in order for a player to be able to play.
  - The client does not consider a machine trusted unless it recognizes the driver; untrusted machines cannot play VALORANT.
- The driver (kernel-mode) is used by the client to validate memory and system state, and to make sure the client has not been tampered with.
  - The driver runs at start-up to prevent loading cheats prior to the client initialization.
  - The driver can be uninstalled at any time (“Riot Vanguard” in Add/Remove Programs), although VALORANT won’t run without it.
  - The driver does not collect or send any information about your computer back to us.
  - The driver has been signed by Riot’s own EV cert, which has in turn been signed by Microsoft as per their code signing process.
What’s Next?
As part of our commitment to player security and privacy, we’ve been running a Bug Bounty program on HackerOne for the past 6 years. We’ve rewarded security researchers with almost two million dollars in bounties and our scope includes everything that players interact with. Today we’re announcing that we’re creating a special scope for Vanguard vulnerabilities with even higher bounties. We want players to continue to play our games with peace of mind, and we’re putting our money where our mouth is. If you think you’ve found a flaw in Vanguard that would undermine the security and privacy of players, please submit a report right away and you may be eligible for a big bounty payout. Visit our HackerOne page for more details.
We’d never let Riot ship something we couldn’t stand behind from a player-trust perspective (not that we think Riot would ever try). Players have every right to question and challenge us, but let’s be clear—we wouldn’t work here if we didn’t deeply care about player trust and privacy and believe that Riot feels the same way. We’re players just like you, and we wouldn’t install programs on our computer that we didn’t have the utmost confidence in.
Please keep holding us accountable for protecting both the competitive integrity of your games and your personal privacy.