Are you addicted to Trivia Crack? Security researcher Randy Westergren's wife is, and that piqued the white-hat hacker's curiosity. After examining the source code of the popular new mobile game's Android app, Westergren discovered that players can game the system easily, and he used that knowledge to illustrate potential vulnerabilities in other Android apps.
Westergren detailed his research on his blog, where he explained how he monitored the app's communications with the Trivia Crack servers, then decompiled the app's installer file, or APK, into source code. Apparently, when a round begins, Trivia Crack's servers send a question AND its correct answer to a user's phone before he or she ever spins the question wheel, and therein lies the hack.
Trivia Crack's programmers included a developer tool in the game's source code known as ANSWERS_CHEAT, which clues users in to the correct answer using a zero-based index. For example, if the first choice is the right one, users will see a (0) next to the question. If the second answer is correct, users will see a (1), and so on.
Westergren tweaked the code to display the number of the correct answer next to the question, recompiled the APK, installed it and found that it worked just fine. He's made the hacked version of the app available for free download (the link is on his blog post), but claims he is "not responsible for any immoral gameplay."
Indeed, while using the exploit could give Android users a competitive edge, it also defeats the purpose of playing a trivia game. Users who play on Apple devices or computers cannot use it, unless they discover similar vulnerabilities in the source code for other platforms.
Cheating at a trivia game is one thing, but Westergren, as a security researcher, is more interested in how an oversight like this one might affect other Android apps. Leaving developer tools in the source code for a banking or social networking app could open the doors for some potentially more dangerous hacks, and from potentially less reputable agents than security researchers.
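For developers, the underlying fix is to keep the answer on the server. The following is an added sketch, not Trivia Crack's or Westergren's code: it contrasts a question payload that ships the answer index with one that withholds it and grades on the server. The question data, function names and payload fields are hypothetical.

```python
import secrets

# Constructed sample question bank; the real game's data format is not shown here.
QUESTIONS = {
    "q1": {"text": "Which planet is closest to the Sun?",
           "choices": ["Venus", "Mercury", "Mars", "Earth"],
           "correct": 1},  # zero-based index of the right choice
}

_rng = secrets.SystemRandom()
_pending = {}  # round token -> position of the right answer; never leaves the server


def leaky_payload(qid):
    """The flawed pattern: the answer index travels to the client with the question."""
    q = QUESTIONS[qid]
    return {"id": qid, "text": q["text"], "choices": q["choices"],
            "correct": q["correct"]}


def safe_payload(qid):
    """Send only what the player needs to see.

    Choices are shuffled per round, so an index learned in one round is
    useless in the next, and the right position is stored server-side.
    """
    q = QUESTIONS[qid]
    order = list(range(len(q["choices"])))
    _rng.shuffle(order)
    token = secrets.token_urlsafe(16)
    _pending[token] = order.index(q["correct"])
    return {"round": token, "text": q["text"],
            "choices": [q["choices"][i] for i in order]}


def grade(token, choice):
    """Grade on the server. Returns True/False, or None for a bad token.

    The token is consumed on first use, so a modified client cannot
    try every choice until one is accepted.
    """
    correct_pos = _pending.pop(token, None)
    if correct_pos is None:
        return None  # unknown or already-used round
    return type(choice) is int and choice == correct_pos
```

With this design, a decompiled or modified client has nothing to display, because the answer is never in the data it receives.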
To keep potentially malicious apps off your Android device, it's best to disallow app installation from unknown sources in the device's security settings menu. Installation from unknown sources is turned off by default, so unless you've turned it on, you should be well-protected.
Of course, this won't prevent other people from using the Trivia Crack hack for their own gain, but you can counter that with your superior knowledge of '90s television and NFL history, can't you?