Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

Ten-Year-Old Hacker Reveals Mobile Gaming Exploit at Defcon

This article is over 13 years old and may contain outdated information
image

A ten-year-old hacker who discovered an exploit that allows easy cheating in iOS and Android games has presented her findings to this year’s Defcon hacking conference.

I don’t really know what the average ten-year-old girl gets up to in her spare time these days but I’m pretty sure it’s not figuring out how to exploit the latest generation of mobile videogames. Yet that’s exactly what what the precocious little darling with the handle of “CyFi” did, and then she headed off to Defcon to tell everyone about it.

CyFi discovered that by fiddling with the clock on her mobile devices, she could speed up the action in certain games, allowing her to do things like “grow pumpkins instantly” in farming games. That in itself isn’t a particularly novel idea; what makes CyFi’s discovery interesting is that app makers apparently saw this coming and built in protections against it, which she was nonetheless able to circumvent by disconnecting the devices from the network and increasing the clock in small increments.

“It was hard to make progress in the game, because it took so long for things to grow,” she told CNet. “So I thought, ‘Why don’t I just change the time?'”

She didn’t reveal the specifics of her exploit or the names of the games involved in order to keep it from becoming too widespread but she did discuss the matter in a Defcon Kids presentation entitled “Apps – A Traveler of Both Time and Space [And What I Learned About Zero-Days and Responsible Disclosure].”

“The world of apps has obvious[ly] not thought about security, yet. Here is an import[ant] lesson they can learn from a Girl Scout. I’ll show a new class of vulnerabilities I call TimeTraveler,” she wrote. “By controlling time, you can do many things, such as grow pum[p]kins instantly. This technique enables endless possibilities. I’ll show you how. Wanna play a game? Let’s find some zero-days! (Cuz it’s fun!)”

CyFi’s mother said that following her daughter’s presentation, identity protection company AllClear ID [the folks contracted by Sony to provide a year of free identity theft protection to PSN customers] would offer a $100 reward to the “young hacker” who discovered the most games vulnerable to the exploit in a 24-hour period. Isn’t that just the sweetest thing ever?

via: Dvice

Recommended Videos

The Escapist is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission.Ā Learn more about our Affiliate Policy
Author