Skip to main content

Ten-year old hacker finds vulnerabilities in mobile games

zynga-farmville-logo-opening-screen
Image used with permission by copyright holder

A 10-year old California girl is the world’s newest famous hacker. Going by the name CyFi, the preteen found a way to exploit a vulnerability in numerous mobile apps by tinkering with mobile devices’ system clocks.

 She presented her work at the first ever DefCon Kids conference, a new part of Defcon, the world’s most famous hacker conference. Ïn her talk, called “Apps – A Traveler of Both Time and Space (And What I Learned About Zero-Days and Responsible Disclosure),” CyFi explained that she was able to circumvent common security measures that prevent users from manipulating apps by changing their device’s system clock.

 At its core, it’s one of the oldest tricks in the book. For example, imagine a piece of demo software that lets you use it for a restricted period of time. After 30 days, it locks up unless you pay for it. So why not just roll back your computer clock so the app still thinks its the day you bought it?

 While tricks like that used to work, developers have long built systems to prevent that from happening, especially on mobile devices that have regular access to the Internet to cross-check the date. However, CyFi found that in some FarmVille-style task-based games, she was able to circumvent the built-in waiting process that slows users’ abilities to level up. Basically, she got bored with waiting the requisite hours to harvest her crops, and just bumped her system clock forward to trick the game.

It wasn’t quite that simple. Those mobile games, like most others, do have systems in place to prevent exactly those kinds of cheats. But CyFi, through some clever experimentation, found a combination of techniques that let her beat the system, including change the time by small bits or by disconnecting her devices from networks in between time changes.

 In keeping with the spirit of the security conference, CyFi didn’t present all the specifics of her findings, nor did she name the specific apps involved. Instead, she informed the developers themselves of the issues and will hold all the details until the vulnerabilities can be fixed.

Editors' Recommendations

Derek Mead
Former Digital Trends Contributor
This AI cloned my voice using just three minutes of audio
acapela group voice cloning ad

There's a scene in Mission Impossible 3 that you might recall. In it, our hero Ethan Hunt (Tom Cruise) tackles the movie's villain, holds him at gunpoint, and forces him to read a bizarre series of sentences aloud.

"The pleasure of Busby's company is what I most enjoy," he reluctantly reads. "He put a tack on Miss Yancy's chair, and she called him a horrible boy. At the end of the month, he was flinging two kittens across the width of the room ..."

Read more
Digital Trends’ Top Tech of CES 2023 Awards
Best of CES 2023 Awards Our Top Tech from the Show Feature

Let there be no doubt: CES isn’t just alive in 2023; it’s thriving. Take one glance at the taxi gridlock outside the Las Vegas Convention Center and it’s evident that two quiet COVID years didn’t kill the world’s desire for an overcrowded in-person tech extravaganza -- they just built up a ravenous demand.

From VR to AI, eVTOLs and QD-OLED, the acronyms were flying and fresh technologies populated every corner of the show floor, and even the parking lot. So naturally, we poked, prodded, and tried on everything we could. They weren’t all revolutionary. But they didn’t have to be. We’ve watched enough waves of “game-changing” technologies that never quite arrive to know that sometimes it’s the little tweaks that really count.

Read more
Digital Trends’ Tech For Change CES 2023 Awards
Digital Trends CES 2023 Tech For Change Award Winners Feature

CES is more than just a neon-drenched show-and-tell session for the world’s biggest tech manufacturers. More and more, it’s also a place where companies showcase innovations that could truly make the world a better place — and at CES 2023, this type of tech was on full display. We saw everything from accessibility-minded PS5 controllers to pedal-powered smart desks. But of all the amazing innovations on display this year, these three impressed us the most:

Samsung's Relumino Mode
Across the globe, roughly 300 million people suffer from moderate to severe vision loss, and generally speaking, most TVs don’t take that into account. So in an effort to make television more accessible and enjoyable for those millions of people suffering from impaired vision, Samsung is adding a new picture mode to many of its new TVs.
[CES 2023] Relumino Mode: Innovation for every need | Samsung
Relumino Mode, as it’s called, works by adding a bunch of different visual filters to the picture simultaneously. Outlines of people and objects on screen are highlighted, the contrast and brightness of the overall picture are cranked up, and extra sharpness is applied to everything. The resulting video would likely look strange to people with normal vision, but for folks with low vision, it should look clearer and closer to "normal" than it otherwise would.
Excitingly, since Relumino Mode is ultimately just a clever software trick, this technology could theoretically be pushed out via a software update and installed on millions of existing Samsung TVs -- not just new and recently purchased ones.

Read more