1 November 2023

Unreal Engine Network Security Revisited



Over the past few years, we’ve endeavoured to educate and inform as many people as possible about the deeper workings of the cybersecurity world. Unreal Engine network security is one such area we’ve tried to demystify, given how popular it is. We’re proud and delighted to see that our last two articles, on Unreal Engine networking and Unreal Engine security best practices, are still very relevant to those seeking to learn about Unreal Engine and its networking security.

As one of the primary two engines used by the gaming industry, Unreal Engine has a wealth of features that increase its ease of use and its accessibility for those learning and growing. But this doesn’t mean it’s flawless in how it executes its networking security. We often get the question from clients, “what can we do to help our security in preparation for our collaboration with Cyrex?” The answer is quite broad. Documentation helps, but we find that a clear understanding of your networking is invaluable to both your team and ours.

Server Authority System and RPCs

We explain Remote Procedure Calls or RPCs and more in our original article on Unreal Engine networking. What we’re interested in here is understanding what is being transferred over your network. The connection between game client and game server is a two-way system and it’s important that we understand exactly what information is being transferred, in what direction, and what malicious actors might do with the information that is accessible.  

The actions taken by the client/player are sent to the server, and RPCs are used to convey these actions. The parameters of each player action are set by the specific RPC; arguments are included, and they tell the server what it needs to know. A move action, for example, could include coordinates. It’s this information that is transferred, potentially stored, and more importantly processed, that you want to have secured.
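
The server-side check this implies for a move action, as an added example that is not code from this article or from Unreal Engine: a self-contained C++ model in which the server treats the coordinates in the RPC as untrusted input. All type names, function names and limits are assumptions made for illustration.

```cpp
// Added example: engine-agnostic model of server-side checks on a client "move" RPC.
// All names and limits are hypothetical; this is not Unreal Engine API.
#include <cmath>
#include <cstdio>

struct Vec3 { float x, y, z; };
struct MoveRequest { Vec3 target; };    // the only thing the client may assert
struct PlayerState { Vec3 position; };  // authoritative; lives on the server only
enum class MoveResult { Accepted, NotFinite, OutOfBounds, TooFast };

constexpr float kMaxSpeed        = 600.0f;    // assumed units per second
constexpr float kWorldHalfExtent = 100000.0f; // assumed playable area
constexpr float kTolerance       = 1.10f;     // slack for network jitter

static bool InBounds(float v) { return std::fabs(v) <= kWorldHalfExtent; }

// elapsedSeconds is measured by the server, never supplied by the client.
MoveResult ValidateMove(const PlayerState& s, const MoveRequest& r, float elapsedSeconds) {
    const Vec3& t = r.target;
    if (!std::isfinite(t.x) || !std::isfinite(t.y) || !std::isfinite(t.z))
        return MoveResult::NotFinite;          // NaN/Inf would poison later math
    if (!InBounds(t.x) || !InBounds(t.y) || !InBounds(t.z))
        return MoveResult::OutOfBounds;
    const float dx = t.x - s.position.x, dy = t.y - s.position.y, dz = t.z - s.position.z;
    const float dist = std::sqrt(dx * dx + dy * dy + dz * dz);
    if (dist > kMaxSpeed * elapsedSeconds * kTolerance)
        return MoveResult::TooFast;            // farther than the character can travel
    return MoveResult::Accepted;
}

// Apply the move only if it validates; otherwise the server keeps its own state.
MoveResult ApplyMove(PlayerState& s, const MoveRequest& r, float elapsedSeconds) {
    const MoveResult res = ValidateMove(s, r, elapsedSeconds);
    if (res == MoveResult::Accepted) s.position = r.target;
    return res;
}

int main() {
    PlayerState p{{0.0f, 0.0f, 0.0f}};         // constructed sample input
    MoveResult ok  = ApplyMove(p, MoveRequest{{10.0f, 0.0f, 0.0f}}, 0.05f);
    MoveResult bad = ApplyMove(p, MoveRequest{{5000.0f, 0.0f, 0.0f}}, 0.05f);
    std::printf("ok=%d bad=%d x=%.1f\n", (int)ok, (int)bad, p.position.x);
    return 0;
}
```

In Unreal Engine itself, the `WithValidation` specifier on a Server RPC provides a hook where checks of this kind can run.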

The server then sends states back to the client. It tells players that at “this location/coordinate X” there’s another player that they can see. And that they are moving to “that location/coordinate Y”. It’s important to network security that these specific details aren’t revealed to the player and can’t be found by malicious actors looking for them! The loot drop on the other side of the map should remain secret despite its parameters and location being communicated from the server and other players who might be in range of it. The equipment of the enemy has a networking presence but players obviously shouldn’t be able to see it.

Networking Security Awareness on Unreal Engine

What we’re getting at here is that we, as developers, need to be mindful of what we’re sending and what players are receiving. Additionally, it’s important to understand how this data is being processed or interpreted.  

The Cyrex team often sees developers who are not clear on exactly what they’re sending. They write the code and an RPC, they know its function, and they give it a few logical parameters and arguments. The server needs this info for its specified purpose. But we often see this include more information, more data, than needed. The advice we always give is “look into what you’re sending to the client/player”. Is every piece necessary? And if every piece is necessary, what is the impact if a player could change its value or state?

RPCs are embedded into Unreal Engine. Due to this, developers might not realise that the player info being sent includes more than is necessary, or more than they want to send. It might include information such as the fact that another player is an enemy. But it might also include information about their state, their equipment, and their available resources.
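
One way to act on this advice, and on the earlier point about loot and enemy equipment, as an added example that is not code from this article or from Unreal Engine: a self-contained C++ model in which the server builds a separate snapshot for each recipient and serializes only the fields that recipient should have. The actor fields, the relevancy radius and all names are assumptions made for illustration.

```cpp
// Added example: engine-agnostic model of per-recipient state filtering.
// Names, fields and the radius are hypothetical; this is not Unreal Engine API.
#include <cstdint>
#include <string>
#include <vector>

struct Vec2 { float x, y; };
// Full authoritative record; exists on the server only.
struct ServerActor { uint32_t id, team; Vec2 pos; int health; std::string equipment; int resources; };
enum Field : uint8_t { kPos = 1, kHealth = 2, kEquipment = 4, kResources = 8 };

// What one recipient gets; `fields` records which members were actually serialized.
struct ClientView { uint32_t id; uint8_t fields; Vec2 pos; int health; std::string equipment; int resources; };

constexpr float kRelevancyRadius = 50.0f; // assumed visibility range

static bool InRange(Vec2 a, Vec2 b) {
    const float dx = a.x - b.x, dy = a.y - b.y;
    return dx * dx + dy * dy <= kRelevancyRadius * kRelevancyRadius;
}

std::vector<ClientView> BuildSnapshotFor(const ServerActor& viewer, const std::vector<ServerActor>& world) {
    std::vector<ClientView> out;
    for (const ServerActor& a : world) {
        const bool self = a.id == viewer.id, ally = a.team == viewer.team;
        if (!self && !InRange(viewer.pos, a.pos)) continue;  // out of range: send nothing at all
        ClientView v{a.id, kPos, a.pos, 0, "", 0};            // enemy in range: position only
        if (self || ally) { v.fields |= kHealth; v.health = a.health; }
        if (self) {                                          // owner-only data
            v.fields |= kEquipment | kResources;
            v.equipment = a.equipment; v.resources = a.resources;
        }
        out.push_back(v);
    }
    return out;
}

// Returns the entry for `id`, or nullptr if that actor was not sent to this recipient.
const ClientView* FindView(const std::vector<ClientView>& snap, uint32_t id) {
    for (const ClientView& v : snap) if (v.id == id) return &v;
    return nullptr;
}

int main() {
    std::vector<ServerActor> world = {                       // constructed sample data
        {1, 1, {0, 0}, 100, "pistol", 30}, {2, 2, {10, 0}, 80, "rifle", 5},
        {3, 2, {500, 0}, 60, "sniper", 9}, {4, 1, {20, 0}, 90, "medkit", 2}};
    return BuildSnapshotFor(world[0], world).size() == 3 ? 0 : 1;
}
```

In Unreal Engine, the corresponding controls are property replication conditions such as `COND_OwnerOnly` and actor relevancy.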

Unreal Engine has phenomenal functionality in more ways than one. However, its accessibility means it might share more or include more than you had in mind. With this information present, it means malicious actors will have an easier time abusing your system. With all the data presented as we’ve said, it’s like leaving all your valuables at the front door for the thief to snatch.  

Unreal Engine Network Security Tools

Unreal Engine, however, has a fantastic tool for addressing this potential issue. It was present in Unreal Engine 4, but since the release of Unreal Engine 5 it has left experimental status. The Networking Insights tool is a terrific tool for developers.

It records all traffic that flows during a game session and breaks it down, displaying it visually for you.  

In this screenshot, for instance, you can see the ServerUpdateCamera RPC, which contains the CamLocation and CamPosition.

These are the RPCs being sent and the info within them, including core character data like movement and other actions. You can also see the particular Bunch and Channel over which this RPC was transferred. This tool, its visualisation in particular, is fantastic for understanding the process. It shows you the property within the RPC, where it’s located, and where it flows.

With this data visualised, you can check if everything being sent is necessary. It offers developers a clear baseline to evaluate their work and allows them to approach a security team with a far stronger idea of their networking operations.  

Networking Security Today

We’ve found this to be quite a new concern, relatively speaking, in the gaming industry. This is a new threat, something that has only developed recently as a danger. The hacking community, as we’ve said repeatedly, does not rest or slow down. They are a collaborative community, constantly growing, learning, and evolving.

Unfortunately, we don’t see the same mentality among game developers and on the development side of gaming. We’ve found there’s a lack of education and support to prepare developers for this new world of game network security. Until that changes, we’re on-hand to help with educating developers and working to make the gaming world safer every day.  
