Riot Games is known for games such as League of Legends and Valorant, as well as for its Vanguard anti-cheat system. Recently, the publisher’s teams announced that they had identified a flaw in certain bios that allows some clever cheaters to slip under the radar, even before Windows and anti-cheat are fully in place. The problem targets “Pre-Boot DMA Protection”, which is supposed to rely on the IOMMU to block DMA (direct memory access) at the very start of boot.
For the record, the IOMMU (input/output memory management unit) is a hardware feature that acts as a filter for your RAM: it checks the ID of every device attempting to access memory and blocks those that are not authorized. However, Riot’s teams have found that with certain UEFI firmwares, the machine can indicate to the operating system (Windows) that protection is active, even though the IOMMU is not correctly initialized during the first few seconds of boot. As a result, a PCIe-connected DMA device can access memory, inject code and then wait quietly to be activated. Riot reports that it has worked with Asus, Gigabyte, MSI and ASRock, who have already released BIOS updates to correct the breach.
Riot and others speed up the hunt for cheats
Vanguard now intervenes when it detects a potentially unprotected bios for this flaw. The VAN:Restriction system kicks in and indicates that it cannot guarantee the integrity of your system due to disabled security features. You won’t be able to run VALORANT without updating your bios and, if necessary, modifying your system’s security settings. As you can see, receiving this warning does not necessarily mean that you are suspected of cheating; it simply means that your system configuration is comparable to that of cheaters who circumvent security measures to become undetectable by Vanguard. So if you want to keep on playing, you have no choice.
