10-Year-Old Girl Reveals Exploit in Android, iOS Game

Sunday during the annual DEFCON convention (19), a 10-year-old hacker revealed a zero-day exploit in Android and iOS games. Going by the alias "CyFi," the California girl wouldn't reveal which games were affected by the exploit (for obvious reasons), but CNET reports that independent researchers have confirmed the exploit as a new class of vulnerability.

While speaking with CNET an hour before her presentation, CyFi said that she discovered the flaw back in January 2011 because she grew bored with the slow pace of farm-based games. "It was hard to make progress in the game, because it took so long for things to grow," she said. "So I thought, 'Why don't I just change the time?'"

Based on her testimony, there wasn't any real hacking involved. Instead, most of the games she discovered containing the exploit featured time-dependent factors. CyFi admitted that she didn't want to wait ten hours for a certain crop to grow, so she instead manually advanced her tablet's clock ahead ten hours – this reportedly opened up the exploit.

She then took her discovery a bit further. Typically most games will detect and block this kind of cheat, but she discovered that it was much more difficult for the game to detect her manipulation once she disconnected her device from the Wi-Fi network. Making incremental adjustments to the clock also proved difficult to detect.

CyFi's presentation was part of the DEFCON Kids, a spinoff of the popular hacker convention that allows kids to participate in demos and workshops such as learning how to open master locks, Google hacking, making electronics, social engineering, coding from scratch and more.

"There will be a workroom for kids to participate in hacking activities anytime throughout the two days, including a Codebreaking Museum, a Makerbot and the Hardware Hacking Station," reads the convention description. "The rooms are on a first-come, first-serve basis. There will also be contests just for kids, including social engineering and lockpicking."

After CyFi's presentation, the sponsors offered a $100 reward to the young hacker who found the most games with her newly-discovered exploit over the following 24 hours.

Create a new thread in the Streaming Video & TVs forum about this subject
This thread is closed for comments
42 comments
    Your comment
    Top Comments
  • Darkerson
    Smart little girl. I think they should have offered her a bit more then that.
    28
  • ricardok
    Not only this exploits existed on older sharewares, we, from the old days, did change the date to make the shareware never expire.

    What's impressive, in this case, is that there are so many 'bad' programmers out there that forgot to check for the real date/time on their apps that this exploit might be just a door opened to other worst exploits on the said systems.

    RADIO_ACTIVEBecause you didn't think of it and she did, and btw she is 10 years old, maybe thats why it is special.
    When I was 12 to 13 (way back to the 286) I did the same with programs. So, no, nothing special there.
    19
  • belardo
    Should have given her a matching set of computer parts that are pink....

    Good job...

    My 6yr old looks for way to cheat on games on his desktop :)
    17
  • Other Comments
  • NapoleonDK
    ...dotdotdot. *pshht* Control, we've found the Anonymous ringleader. Please advise, over. *pshht* Alpha this is Control, kill it with fire. Over. *pshht* Roger that. *silence*
    -15
  • Darkerson
    Smart little girl. I think they should have offered her a bit more then that.
    28
  • belardo
    Should have given her a matching set of computer parts that are pink....

    Good job...

    My 6yr old looks for way to cheat on games on his desktop :)
    17