back to article 10-year old hacker finds flaw in mobile games

A 10-year-old hacker has won the admiration of her adult peers for finding a previously unknown vulnerability in games on iOS and Android devices. The young girl, who has adopted the hacker handle CyFi, discovered the timing related bug after she got bored with the slow progress of a FarmVille-style games. For example, crops …

COMMENTS

This topic is closed for new posts.

Page:

  1. jubtastic1
    Headmaster

    Hacker?

    Changing the clock is hacking now? Really?

    1. Kurgan
      Thumb Up

      Yes, it is.

      Yes, setting the clock forward to gain an advantage in online gaming is a (simple) hack. If you can make the program behave in an unintended way, you are hacking it. It is hacking as is setting the clock backward to fool "trial" software into a "forever trial" status, for example. Easy, stupid, but still a hack.

      1. This post has been deleted by a moderator

        1. Anonymous Coward
          Anonymous Coward

          A thousand upvotes for you sir

          "Hey guys! I can "hack" my wobbly table by folding up paper and placing it under the short leg!"

          1. Naughtyhorse
            Thumb Up

            wow!!!1!

            madd furniture skilzz dood!

            1. This post has been deleted by a moderator

            2. Inachu
              IT Angle

              Hmmmmmm

              Why are all cafe tables unbalanced anyway?

              Were they hacked?

          2. Anonymous Coward
            Happy

            @ Iron oxide

            Technically, you're not actually hacking the table, since you're restoring it's normal function rather than make it function in an unintended manner.

            Monkey Balmer is good at hacking chairs, incidentally...

            1. Mark 65

              @AC

              "Technically, you're not actually hacking the table, since you're restoring it's normal function rather than make it function in an unintended manner."

              What about if he turned it upside down and used a table leg as a rectal stimulant?

              1. TeeCee Gold badge
                Joke

                @ Mark 65

                "What about if he turned it upside down and used a table leg as a rectal stimulant?"

                That's not hacking, that's IP theft. The Liberal Party Conference in the mid/late '70s holds the IP on that one, according to a well-worn joke circulating at the time....

            2. Anonymous Coward
              Pint

              @AC 14:30 @ Iron oxide

              Which falls under the cover of Reverse Engineering laws in some countries and is therefore protected.

              Of course if you were to fix the same problem by taking an axe to the other three legs, then I think that would have to be a hack(job).

        2. TheRead
          Devil

          RE: RE: Yes, it is.

          Yeah, it kinda is.

          1) The game is not working as intended. It was intended to, after a set amount of real time, set the crops to be at the next level of growth. They didn't have access to real time, so they used system time, which will be close enough. When you change the system time you are changing how it is intended to function. If they wanted you to be able to fast forward time, they probably would have given you a fast forward button.

          2) Cars are not built with hard-coded rules that would deny them from going 71mph, in almost all cases. However, if they were, but you found out that it only prevented you from going above 70 in the top gear (which makes sense, nobody could possibly go above 70 in a lower gear!), but you then realized you could drop it down a gear, rev the engine (much too hard, admittedly, for a low gear) for a second, and then pop it back into the top gear and be clear of the prevention scheme... now that's hacking! Breaking a rule outside the system by hitting a button or stepping on a peddle isn't hacking, but finding a way to bypass a lock that prevents you from hitting the button or stepping on the peddle could be.

          3) Your penis wasn't designed to be unable to receive blowjobs (I'd hope, but you had better clean off anyways just in case).

          4) Because the system has to trust input from the system time, and there's no technical way to avoid this, any hack involving changing the system time isn't really a hack? No! That just means that the system time is an easy attack vector that is hard to defend against!

          5) While it might not be clever for you to change the system time, a child who is but 10 coming up with it is rather clever for her or his age.

          Why should we be admonishing this child as not "really hacking" the system. Encourage it is a great starting point and a simple example of game-breaking, hacking, and lateral thinking, so that we can continue to encourage this child to develop these skills into the future, so that when they are 20 they are able to understand the hundreds of different ways to protect, penetrate, or game a computer system to get a desired effect outside of the standard procedural bounds.

        3. Kurgan
          Pint

          Well, it all depends on the meaning...

          It all depends on the meaning of "hack". I think that changing the clock is still a hack, expecially when dealing with internet-connected, part-server and part-client-side software. If the programmes is a fool and trusts the client's clock, then it's a hack. An easy, stupid hack, but still a hack.

          Then there are really clever hacks, like takign control of the firmware of a NIC remotely and use it to mess wit OS memory using DMA.

          I unserstand that changing the clock is easy and messing with NIC firmware is a truly cool hack, buth I still stand that both are hacks.

          1. This post has been deleted by a moderator

            1. Anonymous Coward
              Facepalm

              Please

              Please enlighten us with your definition of "hack", Mr I Didn't Realize That Servers Had Clocks Or That Getting Around Restrictions Is The Essence Of Hacking. I think we'd all enjoy laughing about it in the pub later.

          2. Anonymous Coward
            Anonymous Coward

            It *is* a hack

            It is a hack, in the true meaning of the word.

            What it isn't is a "crack" - This is a tech site - it's expected readers know the difference between the two.

            If the word 'hack' was on a tabloid news site, it would appear misleading, because of the 'laymans' mis-use of the term.

            You don't have to believe me, just check a dictionary:

            hack [very common] 1. n. Originally, a quick job that produces what is

            needed, but not well.

            1. Anonymous Coward
              Anonymous Coward

              bug != hack

              Its not a hack, its a bug. she found a bug is all.

            2. Bullseyed
              FAIL

              ID 10 T error on AC 23:14

              "You don't have to believe me, just check a dictionary:

              hack [very common] 1. n. Originally, a quick job that produces what is

              needed, but not well."

              Yep, and the dictionary says a window is a hole cut in a wall to allow light in so I don't know what you're talking about windows on a computer for.

              Not sure if you're trolling or just really unintelligent.

        4. LaeMing Silver badge
          Facepalm

          Re "Please, let's not bastardise the work hack"

          Since 'hacking' origionally referred to changing the function of something in a useful (to the haker) but unintended (by the creator) way, but these days it means a specific form of hacking more correctly called 'cracking' to the exclusion of the rest, I think you are a bit late - the 80's called and all that!

      2. Charles Manning

        Well then my son trumps her, and my cat too!

        When he was a few months old my some would mash on the keyboard causing DOS to get hung up. The cat jumped on a keyboard and did this too.

        Both caused the software to act in unintended ways.

      3. Bullseyed
        WTF?

        No, It's Not.

        "Yes, setting the clock forward to gain an advantage in online gaming is a (simple) hack. If you can make the program behave in an unintended way, you are hacking it. It is hacking as is setting the clock backward to fool "trial" software into a "forever trial" status, for example. Easy, stupid, but still a hack."

        No, it is a "bug exploit". Alternatively it is a "clever yet unintended use of game mechanics".

        Hacking involves gaining unauthorized access and/or inserting your own code.

    2. Tom 13

      Changing the clock no.

      Repeatedly changing the clock in small increments so as to circumvent a programmatic method implemented to stop the abuse, yes. Just because it is simple doesn't mean it isn't a hack. In fact, if you go all the way back to the earliest definition as in "an elegant hack" the simpler and more obvious but not thought of, the better.

    3. Anonymous Coward
      Anonymous Coward

      By this logic

      Taking advantage of any implementation glitch in a game would be a hack. Changing the system clock to gain advantage in Farmville is not all that different from skipping most of Ravenholm in HL2 with physics tricks or taking advantage of disappearing sprites in Duke Nukem 3D -- something around when I was ten -- to beat the Cycloid Emperor with very little effort. It shows that you've spend plenty of time playing the things, are reasonably intelligent or at least observant and inquisitive, and have some vague idea of how they work. It is a hack in the sense that you are playing the game in a way unintended by its creators, but it hardly makes you a hacker or your "hack" news. Nonetheless, good going for the ten-year-old and good going for DefCon. Maybe their outreach will interest at least a few more kids in considering careers which are vaguely useful.

  2. Loyal Commenter Silver badge
    Facepalm

    Previously unknown?

    Previously unpublished perhaps, along with a lot of other trivial things. It's a bad programmer who trusts the user's system to tell the truth about such things as the system time.

    Having said that, I have a number of instant messages sat on Skype which appear to be from the future because I reset my PC's BIOS and failed to notice that the clock setting was in 'merkin format (mmddyyyy) until I'd been using it for a few hours. I mean seriously, who came up with that? It's like telling the time with the seconds between the hours and minutes. And honestly, why does Skype not timestamp messages with a server time?

  3. Anonymous Coward
    FAIL

    Erm...no?

    This is not a new discovery. The wife and her family have been doing this for yonks to cheat this kind of game. Saying a 10 year old discovered it seems a bit late.

    Also, this isn't a "vulnerablility". It is a flaw in the game to prevent cheating, but i can't see it as an attack vector.

  4. Kurgan
    Mushroom

    Now, if she could find a way to nuke farms...

    Now, if she could find a way to nuke farms (from orbit, eventually) I'd sign up to farmville just to nuke my friend's farms and make them stop bothering me with "please click here to give me more cows" idiocy.

  5. Ian Yates

    Quality of tech reporting

    At least you didn't stoop to the Beeb's coverage of screaming of the doom of this "security flaw".

    I was impressed until I read the detail and realised that I'm sure I did similar things to this in the days when software came with 30 day trials.

    1. Marvin the Martian
      Mushroom

      I prefer the BBC News version of this article.

      On the BBC it was implied that this would let arbitrary code be run on the system...

      http://www.bbc.co.uk/news/technology-14443001

      (As for the comment above that it indeed is "hacking" in an online game -- note that its obviously NOT an online game here, as that kind of trickery is checked against... it only worked "if shutting down wifi" etc.)

    2. Anonymous Coward
      Anonymous Coward

      They say tomayto, you say tomahto

      It's because Merkins say a date as "January first" while we Limeys says "The first of January".

      The irony of course is that Independence Day is "The Fourth of July".

      El Reg readers know that the Americans are right to put month before day, it's just that they have the year position wrong.

      1. johnnytruant

        ah, but

        Us 'ere Limeys also say "ten past five" for a time, but we don't write it as "10:17"

        1. Anonymous Coward
          Happy

          I would hope

          "Us 'ere Limeys also say "ten past five" for a time, but we don't write it as "10:17""

          <sarcasm> I would hope that we don't write "ten past five" as "10:17". I'm kind of hoping that we write "ten past five" as "5:10". </sarcasm>

          Of course, I might have just been doing it wrong all these years.

          1. ArmanX
            FAIL

            @I would hope

            "Ten past five" -> 5:10 PM -> 17:10 -> 10:17

            Is there a "failed to spot the joke" icon?

            1. Tom 13

              If the joke needs explaining, it failed.

              Frankly, until I read your post I had no idea what the hell he was trying to say.

          2. Anonymous Coward
            FAIL

            oops!!

            > <sarcasm> I would hope that we don't write

            > "ten past five" as "10:17". I'm kind of hoping

            > that we write "ten past five" as "5:10". </sarcasm>

            *woosh* !

      2. Michael Dunn
        Happy

        Irony

        Ironically, the Merkins still have "Coroners"!

    3. Citizen Kaned

      yet.....

      you can get free extended demos in some apps (on PC) by setting the clock forward a few years when you install then resetting back to normal after installation.

      "you have 34563 days left before the demo expires" :)

    4. Anonymous Coward
      Anonymous Coward

      Re 'merkin date format

      Be glad you only had some messages from the future. After a similar incident my anti virus software kept violently knocking my head for being totally out-of-date...

    5. Graham Marsden
      Boffin

      Nuke Farmville!

      Erm, if you mouse over one of those messages and click on the little X which appears in the top right of the message you get a box that lets you "Hide all from Farmville".

      Bravo, you've just nuked all Farmville messages!

    6. Tom 13

      If you can't be arsed to fix the settings on your Facebook profile,

      don't bitch at me for your own idiocy.

      Whether this means just blocking the postings like a geek, or unfriending the people who send you the messages is entirely up to you. Or perhaps you should go in and remove yourself from the game settings. Because the last time I checked, I'm limited to 50 messages to people for a given session, and I sure as hell try to make sure I'm getting something back for the messages I'm sending. Which means they only go out to people who are listed in the game as playing the game.

    7. Blank Reg

      Ancient hack

      This goes back at least as far as the dawn of personal computers, it's not new at all.

  6. Shane8
    Meh

    lol

    i remember doing the same way back and seeing:

    [Software Name] 30 day license will expire in 60 days.

    Is it really hacking through? Doesn't web games like farmville use the servers date/time also (never used, dont play on using)

    1. Anonymous Coward
      Happy

      I have a trial copy of PSP4.0 on my machine...

      ..says 'You are on day 1481 of your 30 day evaluation period'.

      1. Trygve Henriksen

        Doesn't count...

        That version had a non-working expiry function...

  7. Andrew Moore Silver badge

    hmmmm....

    The only problem is this 'hack' existed 10-15 years before this person was born. I remember fooling '30 day test' software by setting the clock 5 years into the future before installing.

    1. Marvin the Martian

      Yes, but you were older than 10.

      The age is the news here. Soon we will have news items for youngest baby sending a txt, youngest sending a txt using T9, etc etc.

      1. Anonymous Coward
        Boffin

        Phooey

        When I was ten, I was using disk editing software to hack the text labels in program binaries. On an Amstrad.

        This both illustrates my age, and extreme geekiness...

        1. Anonymous Coward
          Thumb Up

          Ah the old days...

          Ah yes... At the same age I was rewiring the joystick port of my TI-99/4A to connect it to under carpet pressure pads I had made from tin foil, bubble wrap and bin liners, so that my intruder detection program could sound the alarm and log entry and exit from my bedroom for when my horrible little brother came to nick stuff off me. lol.

          I also "invented" a new limitless power supply for street lights for my toy cars, using bell wire, 1.5v torch bulbs and a mains power cassette recorder lead... this was slightly less successful, as shoving the bare ends of bell wire into 240v mains had the effect of vaporising said torch bulbs instantaneously. You live and learn. Kids eh!? :-D

        2. Thomas 4

          Good man!

          My first "hacking" attempts were on an Amstrad, using a curious gadget called a Multiface.

        3. andy mcandy
          Happy

          i did the same thing...

          ...but a few years later on an amiga. changed all the planet names etc on frontier:elite2 to humorous words. also the intro credits. that was pretty cool

          deksid got me into "hacking" (worked fine as long as the CRC was unchanged), which i very rarely see anymore in my professional life as a contractor. hit the hex dude!!!!! :)

          1. Anonymous Coward
            Anonymous Coward

            hacking

            i 'hacked' a football manager game on the spectrum 128 so I had a limitless cash to build my team.

            More recently (10 years ago) i created a champions league patch for the PSone emulator on PC playing one of the first versions of PES, using hexedit, I altered all the players, and built new 3d stadia by directly editing the hex to move the 3d polygons around, remember doing a new Villa Park.

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019