It emerged late today on Reddit that an eagle-eyed user has spotted a veiled attempt by FlightSimLabs to verify whether the software a user was running had been legitimately purchased, kicking off a bit of a public relations scandal for the company.
Reddit user crankyrecursion discovered the code, which Kotaku is describing as a password-dumping tool, on February 18. It is designed to trigger a process through which the company stole usernames and passwords using the user’s web browser, such as Chrome.
This was in order to verify whether the software was legitimate or not.
FlightSimLabs’ boss speaks
FlightSimLabs’ Lefteris Kalamaras is not denying the claims. Rather, he is choosing to highlight that the code is only meant to verify the company’s own software.
Kalamaras issued a statement that attempted to explain the company’s position. It read in part: “First of all – there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products. We all realize that you put a lot of trust in our products and this would be contrary to what we believe.” He then goes on to add: “the specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay” and other related websites.
This method, he assures us, is effective in catching criminals who steal the company’s software.
While seemingly clear to the company, this has ruffled more than a few feathers in the community. Luke Gorman at Medium.com explained that this not only fails to reassure consumers, but is also quite malicious in effect.
He explains that any consumer who purchases FlightSimLabs’ A320 module has a program secretly installed on their computer that is capable of stealing passwords. This is the classic definition of malware.
During the installation process for the A320 module, users have to disable their antivirus software for it to execute. They then have to rely upon FlightSimLabs’ honesty that their passwords won’t be exploited.
Or maybe pray that a malicious third party doesn’t find out and do it.
The company is currently explaining itself and apologizing, reassuring customers that nothing untoward was intended.
As of press time, FlightSimLabs has removed the code in question from the installer. In a statement, the company once again apologized and promised to make things right in the future: “We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future. Once again, we humbly apologize!”