In She is only 10 years old and she goes by the pseudonym CyFi. Yet at the DefCon hacker gathering she was able to reveal a zero-day exploit in games on iOS and Android devices. Independent researchers have confirmed her discovery is a new class of vulnerability. It has been revealed that the girl first discovered the flaw in January 2011, because she started getting bored with the pace of farm-style games.
Putting her exploit in perspective, CyFi says, It was hard to make progress in the game, because it took so long for things to grow. So I thought, 'Why don't I just change the time? A vast majority of the games in which she has detected the vulnerability have some kind of time-dependent factors. Basically the vulnerability is due to the clock used on devices running the two mobile operating systems, iOS and Android.
Many of these farm-style games rely on the clock to grow crops the player plants or by signifying general time progression. For instance, it may take up to 10 hours for corn to grow in the game. So CyFi discovered she could just change the time on her device and get instant crop growth. This negated the need to wait for too long for the plant to grow. As of now he has not revealed the names of the games that are affected, so that the vendors have adequate time to make changes in their gaming software.
The exploit that CyFi has discovered may not be a serious security breach, but it is amusing to find that a 10-year-old has triggered some frantic work by several, possibly large game developers, to close the hole she discovered in their apps.
Add new comment