Child finds flaws in mobile games

Defconkids logo, Defcon The hacker conference now has a series of sessions aimed at a new generation of tinkerers

Related Stories

A novel class of security problems have been found lurking in many mobile games by a ten-year old hacker.

Going by the handle CyFi, the hacker presented her findings at the DefCon hacker conference held in Las Vegas.

She found that advancing the clock on a tablet or phone can, in many games, open a loophole that can be exploited.

CyFi discovered the bug after getting bored with the pace of farming games and seeking ways to speed them up.

Find and fix

Many farm-based games force players to wait hours before they can harvest a crop grown from virtual seeds. As a result CyFi, who has not revealed her real name, started fiddling with the clock on her handset to see if she could produce crops more quickly.

While many games detect and block clock-based cheating, CyFi found ways round these security measures. Disconnecting a phone from wi-fi and only advancing a clock by small amounts helped to open up the loophole as it forced the game into a state not tested by its original creators.

Details about what this bug opens up have not been revealed but such flaws are often used to let an attacker run their own code and get access to useful or saleable data.

CyFi's discovery has since been verified by independent security researchers.

The exploit has been found to work in versions of games for both Apple and Android gadgets. Exactly which games are vulnerable has not been revealed to give their creators time to fix them.

CyFi gave a presentation about her findings at DefCon Kids, the first meeting at the larger DefCon Con hacker conference, aimed at younger people who are interested in tinkering with hardware and software.

A sponsored session at DefCon Kids gave a cash prize to the youngster who found the most games suffering this loophole in 24 hours.

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.