Ten-Year-Old Hacker Reveals Mobile Gaming Exploit at Defcon
Posted By Admin on August 14, 2011
A ten-year-old hacker who discovered an exploit that allows easy cheating in iOS and Android games has presented her findings to this years Defcon hacking conference.
I dont really know what the average ten-year-old girl gets up to in her spare time these days but Im pretty sure its not figuring out how to exploit the latest generation of mobile videogames. Yet thats exactly what what the precocious little darling with the handle of CyFi did, and then she headed off to Defcon to tell everyone about it.
CyFi discovered that by fiddling with the clock on her mobile devices, she could speed up the action in certain games, allowing her to do things like grow pumpkins instantly in farming games. That in itself isnt a particularly novel idea; what makes CyFis discovery interesting is that app makers apparently saw this coming and built in protections against it, which she was nonetheless able to circumvent by disconnecting the devices from the network and increasing the clock in small increments.
It was hard to make progress in the game, because it took so long for things to grow, she told CNet. So I thought, Why dont I just change the time?
She didnt reveal the specifics of her exploit or the names of the games involved in order to keep it from becoming too widespread but she did discuss the matter in a Defcon Kids presentation entitled Apps – A Traveler of Both Time and Space [And What I Learned About Zero-Days and Responsible Disclosure].
The world of apps has obvious[ly] not thought about security, yet. Here is an import[ant] lesson they can learn from a Girl Scout. Ill show a new class of vulnerabilities I call TimeTraveler, she wrote. By controlling time, you can do many things, such as grow pum[p]kins instantly. This technique enables endless possibilities. Ill show you how. Wanna play a game? Lets find some zero-days! (Cuz its fun!)
CyFis mother said that following her daughters presentation, identity protection company AllClear ID [the folks contracted by Sony to provide a year of free identity theft protection to PSN customers] would offer a $100 reward to the young hacker who discovered the most games vulnerable to the exploit in a 24-hour period. Isnt that just the sweetest thing ever?
via: Dvice
Comments