A 10-year-old hacker has won the admiration of her adult peers for finding a previously unknown vulnerability in games on iOS and Android devices. The young girl, who has adopted the hacker handle CyFi, discovered the timing related bug after she got bored with the slow progress of a FarmVille-style games. For example, crops in …
Changing the clock is hacking now? Really?
Yes, it is.
Yes, setting the clock forward to gain an advantage in online gaming is a (simple) hack. If you can make the program behave in an unintended way, you are hacking it. It is hacking as is setting the clock backward to fool "trial" software into a "forever trial" status, for example. Easy, stupid, but still a hack.
A thousand upvotes for you sir
"Hey guys! I can "hack" my wobbly table by folding up paper and placing it under the short leg!"
madd furniture skilzz dood!
RE: RE: Yes, it is.
Yeah, it kinda is.
1) The game is not working as intended. It was intended to, after a set amount of real time, set the crops to be at the next level of growth. They didn't have access to real time, so they used system time, which will be close enough. When you change the system time you are changing how it is intended to function. If they wanted you to be able to fast forward time, they probably would have given you a fast forward button.
2) Cars are not built with hard-coded rules that would deny them from going 71mph, in almost all cases. However, if they were, but you found out that it only prevented you from going above 70 in the top gear (which makes sense, nobody could possibly go above 70 in a lower gear!), but you then realized you could drop it down a gear, rev the engine (much too hard, admittedly, for a low gear) for a second, and then pop it back into the top gear and be clear of the prevention scheme... now that's hacking! Breaking a rule outside the system by hitting a button or stepping on a peddle isn't hacking, but finding a way to bypass a lock that prevents you from hitting the button or stepping on the peddle could be.
3) Your penis wasn't designed to be unable to receive blowjobs (I'd hope, but you had better clean off anyways just in case).
4) Because the system has to trust input from the system time, and there's no technical way to avoid this, any hack involving changing the system time isn't really a hack? No! That just means that the system time is an easy attack vector that is hard to defend against!
5) While it might not be clever for you to change the system time, a child who is but 10 coming up with it is rather clever for her or his age.
Why should we be admonishing this child as not "really hacking" the system. Encourage it is a great starting point and a simple example of game-breaking, hacking, and lateral thinking, so that we can continue to encourage this child to develop these skills into the future, so that when they are 20 they are able to understand the hundreds of different ways to protect, penetrate, or game a computer system to get a desired effect outside of the standard procedural bounds.
Well, it all depends on the meaning...
It all depends on the meaning of "hack". I think that changing the clock is still a hack, expecially when dealing with internet-connected, part-server and part-client-side software. If the programmes is a fool and trusts the client's clock, then it's a hack. An easy, stupid hack, but still a hack.
Then there are really clever hacks, like takign control of the firmware of a NIC remotely and use it to mess wit OS memory using DMA.
I unserstand that changing the clock is easy and messing with NIC firmware is a truly cool hack, buth I still stand that both are hacks.
@ Iron oxide
Technically, you're not actually hacking the table, since you're restoring it's normal function rather than make it function in an unintended manner.
Monkey Balmer is good at hacking chairs, incidentally...
Please enlighten us with your definition of "hack", Mr I Didn't Realize That Servers Had Clocks Or That Getting Around Restrictions Is The Essence Of Hacking. I think we'd all enjoy laughing about it in the pub later.
Well then my son trumps her, and my cat too!
When he was a few months old my some would mash on the keyboard causing DOS to get hung up. The cat jumped on a keyboard and did this too.
Both caused the software to act in unintended ways.
It *is* a hack
It is a hack, in the true meaning of the word.
What it isn't is a "crack" - This is a tech site - it's expected readers know the difference between the two.
If the word 'hack' was on a tabloid news site, it would appear misleading, because of the 'laymans' mis-use of the term.
You don't have to believe me, just check a dictionary:
hack [very common] 1. n. Originally, a quick job that produces what is
needed, but not well.
Re "Please, let's not bastardise the work hack"
Since 'hacking' origionally referred to changing the function of something in a useful (to the haker) but unintended (by the creator) way, but these days it means a specific form of hacking more correctly called 'cracking' to the exclusion of the rest, I think you are a bit late - the 80's called and all that!
"Technically, you're not actually hacking the table, since you're restoring it's normal function rather than make it function in an unintended manner."
What about if he turned it upside down and used a table leg as a rectal stimulant?
Changing the clock no.
Repeatedly changing the clock in small increments so as to circumvent a programmatic method implemented to stop the abuse, yes. Just because it is simple doesn't mean it isn't a hack. In fact, if you go all the way back to the earliest definition as in "an elegant hack" the simpler and more obvious but not thought of, the better.
bug != hack
Its not a hack, its a bug. she found a bug is all.
Why are all cafe tables unbalanced anyway?
Were they hacked?
No, It's Not.
"Yes, setting the clock forward to gain an advantage in online gaming is a (simple) hack. If you can make the program behave in an unintended way, you are hacking it. It is hacking as is setting the clock backward to fool "trial" software into a "forever trial" status, for example. Easy, stupid, but still a hack."
No, it is a "bug exploit". Alternatively it is a "clever yet unintended use of game mechanics".
Hacking involves gaining unauthorized access and/or inserting your own code.
ID 10 T error on AC 23:14
"You don't have to believe me, just check a dictionary:
hack [very common] 1. n. Originally, a quick job that produces what is
needed, but not well."
Yep, and the dictionary says a window is a hole cut in a wall to allow light in so I don't know what you're talking about windows on a computer for.
Not sure if you're trolling or just really unintelligent.
By this logic
Taking advantage of any implementation glitch in a game would be a hack. Changing the system clock to gain advantage in Farmville is not all that different from skipping most of Ravenholm in HL2 with physics tricks or taking advantage of disappearing sprites in Duke Nukem 3D -- something around when I was ten -- to beat the Cycloid Emperor with very little effort. It shows that you've spend plenty of time playing the things, are reasonably intelligent or at least observant and inquisitive, and have some vague idea of how they work. It is a hack in the sense that you are playing the game in a way unintended by its creators, but it hardly makes you a hacker or your "hack" news. Nonetheless, good going for the ten-year-old and good going for DefCon. Maybe their outreach will interest at least a few more kids in considering careers which are vaguely useful.
@AC 14:30 @ Iron oxide
Which falls under the cover of Reverse Engineering laws in some countries and is therefore protected.
Of course if you were to fix the same problem by taking an axe to the other three legs, then I think that would have to be a hack(job).
@ Mark 65
"What about if he turned it upside down and used a table leg as a rectal stimulant?"
That's not hacking, that's IP theft. The Liberal Party Conference in the mid/late '70s holds the IP on that one, according to a well-worn joke circulating at the time....
This is not a new discovery. The wife and her family have been doing this for yonks to cheat this kind of game. Saying a 10 year old discovered it seems a bit late.
Also, this isn't a "vulnerablility". It is a flaw in the game to prevent cheating, but i can't see it as an attack vector.
I prefer the BBC News version of this article.
On the BBC it was implied that this would let arbitrary code be run on the system...
(As for the comment above that it indeed is "hacking" in an online game -- note that its obviously NOT an online game here, as that kind of trickery is checked against... it only worked "if shutting down wifi" etc.)
This goes back at least as far as the dawn of personal computers, it's not new at all.
Now, if she could find a way to nuke farms...
Now, if she could find a way to nuke farms (from orbit, eventually) I'd sign up to farmville just to nuke my friend's farms and make them stop bothering me with "please click here to give me more cows" idiocy.
Erm, if you mouse over one of those messages and click on the little X which appears in the top right of the message you get a box that lets you "Hide all from Farmville".
Bravo, you've just nuked all Farmville messages!
If you can't be arsed to fix the settings on your Facebook profile,
don't bitch at me for your own idiocy.
Whether this means just blocking the postings like a geek, or unfriending the people who send you the messages is entirely up to you. Or perhaps you should go in and remove yourself from the game settings. Because the last time I checked, I'm limited to 50 messages to people for a given session, and I sure as hell try to make sure I'm getting something back for the messages I'm sending. Which means they only go out to people who are listed in the game as playing the game.
Previously unpublished perhaps, along with a lot of other trivial things. It's a bad programmer who trusts the user's system to tell the truth about such things as the system time.
Having said that, I have a number of instant messages sat on Skype which appear to be from the future because I reset my PC's BIOS and failed to notice that the clock setting was in 'merkin format (mmddyyyy) until I'd been using it for a few hours. I mean seriously, who came up with that? It's like telling the time with the seconds between the hours and minutes. And honestly, why does Skype not timestamp messages with a server time?
They say tomayto, you say tomahto
It's because Merkins say a date as "January first" while we Limeys says "The first of January".
The irony of course is that Independence Day is "The Fourth of July".
El Reg readers know that the Americans are right to put month before day, it's just that they have the year position wrong.
you can get free extended demos in some apps (on PC) by setting the clock forward a few years when you install then resetting back to normal after installation.
"you have 34563 days left before the demo expires" :)
Re 'merkin date format
Be glad you only had some messages from the future. After a similar incident my anti virus software kept violently knocking my head for being totally out-of-date...
Us 'ere Limeys also say "ten past five" for a time, but we don't write it as "10:17"
I would hope
"Us 'ere Limeys also say "ten past five" for a time, but we don't write it as "10:17""
<sarcasm> I would hope that we don't write "ten past five" as "10:17". I'm kind of hoping that we write "ten past five" as "5:10". </sarcasm>
Of course, I might have just been doing it wrong all these years.
@I would hope
"Ten past five" -> 5:10 PM -> 17:10 -> 10:17
Is there a "failed to spot the joke" icon?
> <sarcasm> I would hope that we don't write
> "ten past five" as "10:17". I'm kind of hoping
> that we write "ten past five" as "5:10". </sarcasm>
Ironically, the Merkins still have "Coroners"!
If the joke needs explaining, it failed.
Frankly, until I read your post I had no idea what the hell he was trying to say.
Quality of tech reporting
At least you didn't stoop to the Beeb's coverage of screaming of the doom of this "security flaw".
I was impressed until I read the detail and realised that I'm sure I did similar things to this in the days when software came with 30 day trials.
i remember doing the same way back and seeing:
[Software Name] 30 day license will expire in 60 days.
Is it really hacking through? Doesn't web games like farmville use the servers date/time also (never used, dont play on using)
I have a trial copy of PSP4.0 on my machine...
..says 'You are on day 1481 of your 30 day evaluation period'.
That version had a non-working expiry function...
The only problem is this 'hack' existed 10-15 years before this person was born. I remember fooling '30 day test' software by setting the clock 5 years into the future before installing.
Yes, but you were older than 10.
The age is the news here. Soon we will have news items for youngest baby sending a txt, youngest sending a txt using T9, etc etc.
When I was ten, I was using disk editing software to hack the text labels in program binaries. On an Amstrad.
This both illustrates my age, and extreme geekiness...
Ah the old days...
Ah yes... At the same age I was rewiring the joystick port of my TI-99/4A to connect it to under carpet pressure pads I had made from tin foil, bubble wrap and bin liners, so that my intruder detection program could sound the alarm and log entry and exit from my bedroom for when my horrible little brother came to nick stuff off me. lol.
I also "invented" a new limitless power supply for street lights for my toy cars, using bell wire, 1.5v torch bulbs and a mains power cassette recorder lead... this was slightly less successful, as shoving the bare ends of bell wire into 240v mains had the effect of vaporising said torch bulbs instantaneously. You live and learn. Kids eh!? :-D
My first "hacking" attempts were on an Amstrad, using a curious gadget called a Multiface.
i did the same thing...
...but a few years later on an amiga. changed all the planet names etc on frontier:elite2 to humorous words. also the intro credits. that was pretty cool
deksid got me into "hacking" (worked fine as long as the CRC was unchanged), which i very rarely see anymore in my professional life as a contractor. hit the hex dude!!!!! :)
i 'hacked' a football manager game on the spectrum 128 so I had a limitless cash to build my team.
More recently (10 years ago) i created a champions league patch for the PSone emulator on PC playing one of the first versions of PES, using hexedit, I altered all the players, and built new 3d stadia by directly editing the hex to move the 3d polygons around, remember doing a new Villa Park.