Tuesday, 9 August 2011

DefCon Kid Hacker Uncovers Zero-Day Exploit

A number of media sources have made light of DefCon's "Kids Village", but a 10-year-old hacker discovered an entire class of vulnerabilities and presented her findings as well as or better than most of the conference's attendees.
The hacker goes by the handle CyFi, and she co-founded "DefCon Kids Village" -- a series of presentations for 60-odd aspiring hackers aged 8-16 who attended the conference in Las Vegas. The theme for the first year of the Kids Village was responsible hacking, although admittedly some of the "white hat" skills demonstrated included lock picking and various Google hacks.
CyFi's own presentation was called "Apps—A Traveler of Both Time and Space, And What I Learned About Zero-Days and Responsible Disclosure." In it, she demonstrated how she could manipulate the clock on her cell phone to fool apps into thinking that more time had passed -- but there are a few other steps that CyFi, in the spirit of "responsible disclosure", did not spell out for the listeners.
"I'll show a new class of vulnerabilities I call TimeTraveler," CyFi's summary read. "By controlling time, you can do many things, such as grow pumpkins instantly. This technique enables endless possibilities. I'll show you how...Thank you AT&T, DEFCON, EFF and Lookout!!!!! :)"
The pumpkins were part of a social farming game that can be found on iOS and Android devices. Their slow growth (and CyFi's impatience) was the catalyst for the hacker's coding experiments. CyFi discovered that the code and clock alterations enable any number of changes to occur instantly within the framework of the game -- thus, the "new class of vulnerabilities".
In the true spirit of DefCon, CyFi did not divulge her 'real' name. Nor did she mention the names of the games that she'd hacked (i.e., "responsible disclosure"). However, she did proudly admit to being "a ten-year-old hacker, artist and athlete living in California" who "really likes coffee, but her mom doesn’t let her drink it."

By James Lee Phillips, who is a Senior Writer & Research Analyst for IBG.com. With offices in Dallas, Las Vegas, New York & London, IBG is quickly becoming the leading expert in Internet Marketing, Local Search, SEO, Website Development and Reputation Management.
