DefCon Child Wizard Exposes Security Flaws in Smartphone, Tablet Games
A 10-year-old girl found that the gaming prowess of many a smartphone can be undermined by some serious security holes.
The girl, who goes by the handle of "CyFi," found that games on smartphones or tablets running on Apple or Android mobile software can be hacked into by tinkering with its clock settings.
Smartphone games can usually detect and block such cheating, but the girl, who displayed her hacking wizardry at the annual DefCon Hackers Conference in Las Vegas, has found a way to work around such security measures.
Bored with the slow progress of games on the smartphone, she tested the limits to find out that if the user advances the clock on a tablet computer or a smartphone, the way the game is played can be manipulated to a great extent.
The name of the girl prodigy hasn't been revealed, but the Associated Press reports that she is the daughter of a pair of DefCon stalwarts.
She was participating at a kids' workshop on the sidelines of the world's biggest gathering of hackers. More than 60 children participated in the workshop, where young children were taught the art of "legal" hacking.
CyFi's exploit works on versions of games for both Apple and Android gadgets. In her presentation at the conference, she said she tweaked the operating system of the device as she got bored with the slow progress on mobile games.
"I love apps! In the app world, I can control both time and space," she wrote in the introduction to the tutorial about how you can advance scores by turning off a Wi-Fi connection and then slowly increasing the time manually. Her presentation was titled "Apps -- A Traveler of Both Time and Space; And What I Learned About Zero-Days and Responsible Disclosure."
She taunted the app developers by saying that they often forget to fortify security. "The world of apps has obvious[ly] not thought about security, yet," she wrote.
"Here is an import lesson they can learn from a Girl Scout. I'll show a new class of vulnerabilities I call TimeTraveler. By controlling time, you can do many things, such as grow pum[p]kins instantly. This technique enables endless possibilities. I'll show you how. Wanna play a game? Let's find some zero-days! (Cuz it's fun!)."
During the two-day conference, adult hackers mounted attacks on high-profile government organizations and corporations like Google to show how easy it is to gain access to data. The meeting also included sessions for budding hackers.
The childrens' parents accompanied them to the hacking conference and vouched for the importance of kids being educated in the art of hacking, noting that they are growing up into an technology-driven era.
A father of a 14-year-old boy who took his son to the workshop told ABC News: "I see it in him — he feels like he belongs to a clan, to a group. I'm really proud ... I can see he has the excitement in his eyes."
DefCon, one of the oldest and the largest continuous running hacker conventions around, was started in 1993. Its founder Jeff Moss used to be a hacker of renown under the name "Dark Tangent." He is now on the White House Homeland Defense Council.
© Copyright IBTimes 2024. All rights reserved.