
10-Year-Old Girl Reveals Exploit in Android, iOS Game

Source: CNET | 42 comments

During DEFCON Kids 2011, a 10-year-old "hacker" revealed a confirmed exploit in iOS and Android games.

On Sunday, during the annual DEFCON convention (DEFCON 19), a 10-year-old hacker revealed a zero-day exploit in Android and iOS games. Going by the alias "CyFi," the California girl wouldn't reveal which games were affected by the exploit (for obvious reasons), but CNET reports that independent researchers have confirmed the exploit as a new class of vulnerability.

While speaking with CNET an hour before her presentation, CyFi said that she discovered the flaw back in January 2011 because she grew bored with the slow pace of farm-based games. "It was hard to make progress in the game, because it took so long for things to grow," she said. "So I thought, 'Why don't I just change the time?'"

Based on her account, there wasn't any real hacking involved. Most of the games in which she found the exploit relied on time-dependent mechanics. CyFi admitted that she didn't want to wait ten hours for a certain crop to grow, so she manually set her tablet's clock ahead ten hours – this reportedly opened up the exploit.

She then took her discovery a bit further. Typically most games will detect and block this kind of cheat, but she discovered that it was much more difficult for the game to detect her manipulation once she disconnected her device from the Wi-Fi network. Making incremental adjustments to the clock also proved difficult to detect.
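The defensive side of this, as an added example that is not from the article or from any of the affected games: a growth timer that measures progress with a server timestamp or a monotonic counter and uses the wall clock only to flag disagreement. `CropTimer`, `TOLERANCE_S` and all clock readings are hypothetical, constructed values; on a device the monotonic reading would come from a boot-relative clock such as `time.monotonic()`.

```python
from dataclasses import dataclass
from typing import Optional

TOLERANCE_S = 120  # constructed threshold for wall-clock vs. trusted-clock disagreement


@dataclass
class CropTimer:
    """Hypothetical growth timer that never uses the wall clock for progress."""
    grow_seconds: float
    planted_wall: float                     # device wall clock (user can change it)
    planted_mono: float                     # boot-relative monotonic reading
    planted_server: Optional[float] = None  # server time, if planted while online

    def check(self, wall_now, mono_now, server_now=None):
        """Return (ready, status); status is 'ok', 'skew' or 'needs_server'."""
        if server_now is not None and self.planted_server is not None:
            # Online at both ends: the server clock decides progress.
            elapsed = server_now - self.planted_server
        else:
            # Offline: fall back to the monotonic counter, which the settings
            # screen cannot move.
            elapsed = mono_now - self.planted_mono
            if elapsed < 0:
                # Counter went backwards, so the device rebooted while offline.
                # Hold progress until a server timestamp is available.
                return False, "needs_server"
        # Compare totals since planting, not step by step: many small clock
        # nudges add up to the same skew as one large jump.
        skew = (wall_now - self.planted_wall) - elapsed
        status = "skew" if abs(skew) > TOLERANCE_S else "ok"
        return elapsed >= self.grow_seconds, status


if __name__ == "__main__":
    # Constructed readings: a ten-hour crop planted offline.
    t = CropTimer(36_000, planted_wall=1_000_000.0, planted_mono=500.0)
    print(t.check(1_036_000.0, 36_500.0))  # honest ten-hour wait
    print(t.check(1_036_000.0, 560.0))     # clock set ahead ten hours after 60 s
    print(t.check(1_010_000.0, 1_500.0))   # 100 nudges of 90 s over 1000 s
    print(t.check(1_036_000.0, 30.0))      # reboot while offline
```

Because the comparison is cumulative from planting time, the incremental case is flagged even though each single 90-second nudge is below the tolerance.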

CyFi's presentation was part of DEFCON Kids, a spinoff of the popular hacker convention that allows kids to participate in demos and workshops such as learning how to open master locks, Google hacking, making electronics, social engineering, coding from scratch and more.

"There will be a workroom for kids to participate in hacking activities anytime throughout the two days, including a Codebreaking Museum, a Makerbot and the Hardware Hacking Station," reads the convention description. "The rooms are on a first-come, first-serve basis. There will also be contests just for kids, including social engineering and lockpicking."

After CyFi's presentation, the sponsors offered a $100 reward to the young hacker who found the most games with her newly-discovered exploit over the following 24 hours.

Top Comments
  • 28
    Darkerson , August 8, 2011 10:11 PM
    Smart little girl. I think they should have offered her a bit more than that.
  • 19
    ricardok , August 8, 2011 10:58 PM
    Not only did this exploit exist in older shareware, we, from the old days, did change the date to make the shareware never expire.

    What's impressive, in this case, is that there are so many 'bad' programmers out there that forgot to check for the real date/time on their apps that this exploit might be just a door opened to other, worse exploits on the said systems.

    RADIO_ACTIVE: Because you didn't think of it and she did, and btw she is 10 years old, maybe that's why it is special.
    When I was 12 to 13 (way back to the 286) I did the same with programs. So, no, nothing special there.
  • 17
    belardo , August 8, 2011 10:13 PM
    Should have given her a matching set of computer parts that are pink....

    Good job...

    My 6yr old looks for ways to cheat on games on his desktop :)
Other Comments
  • -5
    wintermint , August 8, 2011 10:17 PM
    Really? This is just like PvZ where I change the time so I can farm more daisy or whatever.
  • -4
    reprotected , August 8, 2011 10:17 PM
    I use this exploit to get money in Tiny Towers.
  • 2
    Anonymous , August 8, 2011 10:18 PM
    I read about this on another site....all the kid did was increase the system time in order to advance the game...
  • 10
    Anonymous , August 8, 2011 10:25 PM
    Sensationalist article titles for the win... You got my click...


    *jealous because nobody wrote an article about me finding ways to cheat the system on my Super Nintendo*
  • 12
    Anonymous , August 8, 2011 10:26 PM
    I don't see how this is that special, all she did was change the clock, hurray?
  • 6
    bobbyp86 , August 8, 2011 10:26 PM
    hehe I was doing this in Animal Crossing years ago when it came out on the Gamecube
  • 7
    Anonymous , August 8, 2011 10:34 PM
    ..... this has been a known exploit of many games for years.........................
  • 11
    RADIO_ACTIVE , August 8, 2011 10:52 PM
    Anonymous: I don't see how this is that special, all she did was change the clock, hurray?

    Because you didn't think of it and she did, and btw she is 10 years old, maybe that's why it is special.
  • 8
    milktea , August 8, 2011 11:04 PM
    DEFCON Kids have contests for kids in social engineering? wow, that is unbelievable.
  • 7
    Anonymous , August 9, 2011 12:36 AM
    Quote:
    Because you didn't think of it and she did, and btw she is 10 years old, maybe that's why it is special.
    Nope, not special at all. Did this while playing ps1 games, or when I download software, I set the clock to something like 2099 and then activated to get 100+ years before expiration. Did I get some sort of recognition? No. Why? Because this isn't hard to do nor anything new and has been around for YEARS.
  • 6
    bebangs , August 9, 2011 12:48 AM
    I do this on plants vs zombies.

    so what does the exploit do? what's the vulnerability?

    is that it? the cheat? please explain.
  • 3
    Camikazi , August 9, 2011 1:29 AM
    notspecial: Nope, not special at all. Did this while playing ps1 games, or when I download software, I set the clock to something like 2099 and then activated to get 100+ years before expiration. Did I get some sort of recognition? No. Why? Because this isn't hard to do nor anything new and has been around for YEARS.

    It's not the fact that it is new that is somewhat special, it's the fact that a 10 year old did figure it out themselves that is. Yes the exploit is old, yes it has been around for many programs but do you think they knew that? They just thought of something to try and figured it out and no, not every kid could do that since not many at 10 make the connection between game progression and system time like an older person would.
  • 4
    cold fire , August 9, 2011 1:50 AM
    Camikazi: It's not the fact that it is new that is somewhat special, it's the fact that a 10 year old did figure it out themselves that is. Yes the exploit is old, yes it has been around for many programs but do you think they knew that? They just thought of something to try and figured it out and no, not every kid could do that since not many at 10 make the connection between game progression and system time like an older person would.


    When I was 11 I used to exploit my dad's satellite receiver which had a password lock for the settings and adding new channels. The receiver had a glitch where you could add a new channel of an existing one but allowed you to change the frequency and such. Then I used this to add "porn" channels when my parents weren't home. And to restore everything to how it was I just unplugged the power cable instead of turning it off using the power button.
  • 4
    Anonymous , August 9, 2011 1:54 AM
    She is not the first person who changes the clock to see if they can affect a certain game ... I don't see why this is in the news ...
  • 1
    mlopinto2k1 , August 9, 2011 2:20 AM
    Uhhhh... big difference from now and then. They are hosting CONVENTIONS showing children how to exploit and hack software. Sounds like behavioral programming to me. You don't need to be a rocket scientist to see this.
  • 2
    Anonymous , August 9, 2011 2:20 AM
    Quote:
    It's not the fact that it is new that is somewhat special, it's the fact that a 10 year old did figure it out themselves that is. Yes the exploit is old, yes it has been around for many programs but do you think they knew that? They just thought of something to try and figured it out and no, not every kid could do that since not many at 10 make the connection between game progression and system time like an older person would.
    I guess I was smart for my age then. I bought a ps1 at around 1998/1999, and monster rancher (released in 1997) you could do the date thing on that game. Considering I was born in 1990, I was 8/9 when I figured this 'exploit' out.