10-year-old girl discovers age old flaw in iOS and Android games, she discovered a zero day exploit in iOS and Android games that would allow her to speed time in game thus growing things faster. The 10 year old girl CyFi revealed this exploit at DefCon Kids and this zero day exploit is related to the clock in games which are used to measure the time it takes for a crop to grow, much like farmville. CyFi’s discovery has since been verified by independent security researchers and the exploit has been found to work in versions of games for both Apple and Android gadgets………….
A 10-year-old hacker who goes by the handle CyFi has an important lesson hat mobile phone app makers can learn from a Girl Scout and she found a way to cheat Android and iOS games on smartphones and tablets using a common console and PC video game exploit. While simple in its nature, this exploit works with many mobile games. If you’re a frequent mobile gamer you’re likely familiar with games that require time in order to make progress within them. A common example would be Farmville, where it can take days to grow a crop, and the whole process of waiting really gets in the way of the whole gaming experience. If you’re not willing to wait, it now turns out that you can simply move your device’s clock forward a few hours in order to trick the game into moving ahead as well, opening up the exploit. It’s a really simple concept, according to the hacker:
It was hard to make progress in the game, because it took so long for things to grow. So I thought, ‘Why don’t I just change the time?
In addition to moving the clock forward, a few other tricks can make this trick more likely to work, such as disabling the device’s Wi-Fi connection and making incremental clock adjustments instead of moving it forward all at once. Playing along with true hacker ethics, CyFi has promised not to disclose which games are susceptible to this exploit, although the 10-year-old has hinted it is a farming-oriented game. By not disclosing the vulnerability, game developers will have time to correct this rather obvious issue, since, if left unpatched, it could indeed cause them to lose a considerable amount of money and gamers cheating their way through as well. Yet, DefCon Kids will be offering a $100 reward to whoever manages to discover the most games with this bug over the next 24 hours. DefCon is an annual hacking convention that first took place in June 1993 and has since then been held every summer in Las Vegas. The conference, which is attended mainly by hackers, journalists and lawyers, features several speakers who show off their hacking-related discoveries on stage. DefCon Kids, which first premiered this year, is a section of the regular DefCon that aims at introducing kids between the ages of 8 and 16 to the hacking world and instructing them on topics such as social engineering, Google hacking and even opening master locks.