07-08-2011, 11:05 PM
|
| | | Join Date: Sep 2007 Location: near Govt College of Science Multan Pakistan
Posts: 9,693
Contact Number: Removed Program / Discipline: BSIT Class Roll Number: 07-15 | |
Bored 10-year-old girl hacker finds zero-day exploit in iOS & Android games Most kids at age 10 would just move on to another game if they were bored with the one they were playing. But Californian girl hacker CyFi isn’t any ordinary kid, and instead decided to try and work around her frustrations with the farm-style games she liked playing. That tinkering led to the discovery of a zero-day exploit in a number of games on iOS and Android platforms. The exploit is to do with the clock used on devices running the two mobile operating systems, and just as importantly how games use it to aid in gameplay progression. Many of these farm-style games rely on the clock to grow crops the player plants or by signifying general time progression. It usually takes several hours for such a plant to grow in-game. CyFi discovered she could just change the time on her device and get instant crop growth, circumventing the need to wait. Some games use the clock on a device, but block that exploit by doing certain checks. However, CyFi did some further investigation and found those checks can be circumvented too, either by disabling Wi-Fi or only increasing the time in small increments repeatedly. She presented her results at the DefCon Kids conference this weekend, a new edition to the wider DefCon hacker gathering. While the exploit CyFi found may not be a serious security breach, it’s both amusing and telling that a 10-year-old has triggered some frantic work by several, possibly large game developers, to close the hole she discovered in their apps. We hope CyFi continues her hacker ways and comes back next year with another discovery or two. |