The Register® — Biting the hand that feeds IT


10-year-old hacker finds flaw in mobile games

Feeling old?


A 10-year-old hacker has won the admiration of her adult peers for finding a previously unknown vulnerability in games on iOS and Android devices.

The young girl, who has adopted the hacker handle CyFi, discovered the timing-related bug after she got bored with the slow progress of FarmVille-style games. For example, planted corn takes at least 10 hours to mature.

But changing the clock time on a phone or tablet fools the game into instantly ripening crops. Some of the affected games attempt to detect such shenanigans, but by changing the time in small increments or disconnecting devices, CyFi managed to circumvent these counter-measures.

CyFi has informed affected vendors of her findings but is withholding most of their names, giving them time to develop a fix.

The 10-year-old presented her findings last weekend in Las Vegas at the very first DefCon Kids, the new pint-sized companion conference to DefCon. ®
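The flaw described above, sketched as an added example (not code from the article or from any affected game): a timer that trusts the device clock, a jump detector that small increments slip past, and a server-side check that ignores device time. All names, the one-hour jump threshold and the timestamps are assumptions constructed for illustration.

```python
from dataclasses import dataclass

GROW_SECONDS = 10 * 3600   # corn needs 10 hours, as in the article
MAX_JUMP = 3600            # assumed jump-detection threshold (1 hour)

@dataclass
class Crop:
    planted_device: float  # device wall clock when planted (client-controlled)
    planted_server: float  # server clock when planted (authoritative)

def ripe_client(crop: Crop, device_now: float) -> bool:
    """Weak check: trusts whatever the device clock says."""
    return device_now - crop.planted_device >= GROW_SECONDS

class JumpDetector:
    """Weak countermeasure: flag only a large forward jump between checks."""
    def __init__(self, start: float) -> None:
        self.last, self.flagged = start, False

    def observe(self, device_now: float) -> None:
        if device_now - self.last > MAX_JUMP:
            self.flagged = True
        self.last = device_now

def ripe_server(crop: Crop, server_now: float) -> bool:
    """Hardened check: the server compares its own timestamps only."""
    return server_now - crop.planted_server >= GROW_SECONDS

def simulate(step: float, real_elapsed: float = 60.0) -> dict:
    """Device clock moves forward in `step`-second increments until the
    client check passes, while only `real_elapsed` seconds really pass."""
    crop = Crop(planted_device=1_000_000.0, planted_server=5_000_000.0)  # constructed
    detector = JumpDetector(crop.planted_device)
    device_now = crop.planted_device
    while not ripe_client(crop, device_now):
        device_now += step
        detector.observe(device_now)
    return {
        "client_ripe": ripe_client(crop, device_now),
        "jump_flagged": detector.flagged,
        "server_ripe": ripe_server(crop, crop.planted_server + real_elapsed),
    }

if __name__ == "__main__":
    print(simulate(GROW_SECONDS))  # one big jump
    print(simulate(1800))          # many small increments
```

For offline play, the same design treats a harvest as provisional until the device reconnects and the server confirms it against its own timestamps.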


RE: RE: Yes, it is.

Yeah, it kinda is.

1) The game is not working as intended. It was intended to, after a set amount of real time, set the crops to be at the next level of growth. They didn't have access to real time, so they used system time, which will be close enough. When you change the system time you are changing how it is intended to function. If they wanted you to be able to fast forward time, they probably would have given you a fast forward button.

2) Cars are not built with hard-coded rules that would deny them from going 71mph, in almost all cases. However, if they were, but you found out that it only prevented you from going above 70 in the top gear (which makes sense, nobody could possibly go above 70 in a lower gear!), but you then realized you could drop it down a gear, rev the engine (much too hard, admittedly, for a low gear) for a second, and then pop it back into the top gear and be clear of the prevention scheme... now that's hacking! Breaking a rule outside the system by hitting a button or stepping on a pedal isn't hacking, but finding a way to bypass a lock that prevents you from hitting the button or stepping on the pedal could be.

3) Your penis wasn't designed to be unable to receive blowjobs (I'd hope, but you had better clean off anyways just in case).

4) Because the system has to trust input from the system time, and there's no technical way to avoid this, any hack involving changing the system time isn't really a hack? No! That just means that the system time is an easy attack vector that is hard to defend against!

5) While it might not be clever for you to change the system time, a child who is but 10 coming up with it is rather clever for her or his age.

Why should we be admonishing this child as not "really hacking" the system? Encourage it; it is a great starting point and a simple example of game-breaking, hacking, and lateral thinking, so that we can continue to encourage this child to develop these skills into the future, so that when they are 20 they are able to understand the hundreds of different ways to protect, penetrate, or game a computer system to get a desired effect outside of the standard procedural bounds.

28
3

Yes, it is.

Yes, setting the clock forward to gain an advantage in online gaming is a (simple) hack. If you can make the program behave in an unintended way, you are hacking it. It is hacking as is setting the clock backward to fool "trial" software into a "forever trial" status, for example. Easy, stupid, but still a hack.

25
5

Now, if she could find a way to nuke farms...

Now, if she could find a way to nuke farms (from orbit, eventually) I'd sign up to FarmVille just to nuke my friends' farms and make them stop bothering me with "please click here to give me more cows" idiocy.

16
2
