A novel class of security problems have been found lurking in many mobile games by a ten-year old hacker.Going by the handle CyFi, the hacker presented her findings at the DefCon hacker conference held in Las Vegas.
She found that advancing the clock on a tablet or phone can, in many games, open a loophole that can be exploited.
CyFi discovered the bug after getting bored with the pace of farming games and seeking ways to speed them up.
Find and fix Many farm-based games force players to wait hours before they can harvest a crop grown from virtual seeds. As a result CyFi, who has not revealed her real name, started fiddling with the clock on her handset to see if she could produce crops more quickly.
While many games detect and block clock-based cheating, CyFi found ways round these security measures. Disconnecting a phone from wi-fi and only advancing a clock by small amounts helped to open up the loophole as it forced the game into a state not tested by its original creators.
Details about what this bug opens up have not been revealed but such flaws are often used to let an attacker run their own code and get access to useful or saleable data.
CyFi's discovery has since been verified by independent security researchers.
The exploit has been found to work in versions of games for both Apple and Android gadgets. Exactly which games are vulnerable has not been revealed to give their creators time to fix them.
CyFi gave a presentation about her findings at DefCon Kids, the first meeting at the larger DefCon Con hacker conference, aimed at younger people who are interested in tinkering with hardware and software.
A sponsored session at DefCon Kids gave a cash prize to the youngster who found the most games suffering this loophole in 24 hours.