Ten Year Old Exposes iOS and Android 'Time Extension' Exploit for Games
A 10-year-old hacker who goes by the pseudonym CyFi revealed today at DefCon 19 a zero-day exploit in games on iOS and Android devices that independent researchers have confirmed as a new class of vulnerability. The girl from California first discovered the flaw around January 2011 because she "started to get bored" with the pace of farm-style games.
Speaking to CNET about an hour before her presentation, CyFi said, "It was hard to make progress in the game, because it took so long for things to grow. So I thought, 'Why don't I just change the time?'" Most of the games she discovered the exploit in have time-dependent factors. For example, planting corn might take 10 real-time hours to mature in the game. Manually advancing the phone or tablet's clock forced the game further ahead than it really was, opening up the exploit.
She is not revealing at this time which games are affected because of reasonable disclosure, thus giving the vendors that make the affected games a chance to respond. While many games will detect and block this kind of manipulation, CyFi said that she discovered some ways around those detections. Disconnecting the phone from Wi-Fi made it harder to stop, as did making incremental clock adjustments.
