A 10 Year Old Girl Scout Exposed Zero-Day Vulnerabilities In Some Of iOS’s Most Popular Games


These adorable Girl Scouts haven't hacked anything. They just sell cookies.
These adorable Girl Scouts haven't hacked anything. They just sell cookies.

A button-cute 10 year old girl may have just set a new prestigious record. It’s not for the largest number of consecutive jump rope skips, or for chewing a piece of gum for the longest time, or even for collecting the most Facebook friends. It’s for identifying a zero-day exploit in a number of iOS and Android games! Isn’t that cute?

The adorable young hacker goes by the pseudonym CyFi, and she presented her exploit at this year’s DefCon convention… specifically in a new offshoot called DefCon Kids. This is her:

The exploit itself is pretty simple. Bored with the pace of various farm-style games, CyFi figured out that the games could be exploited by manually advancing an iPhone or iPad’s clock to speed the game ahead in time. Since iOS and Android have automatic time-correcting features, she accomplished this by turning off the device’s internet connections and making incremental clock adjustments.

I have to smile, because this exploit is one that I used to use myself back in my old PC gaming days. I remember the FPS game Rise of the Triad had various easter eggs that triggered on certain holidays, and could be exploited by changing my PC’s system clock. You might be tempted to scoff, but I’m pretty sure similar tinkering is the first step on becoming the next Comex or Geohot.

When she’s not hacking Farmville, CyFi spends her time making art, being a girl scout and downhill skiing. She’s also apparently had her identity stolen twice.

[via Cnet]

  • Brent Henry

    Ludicrous Gibs.

  • lls43
  • tiresius

    But how many Girl Scout cookies did she sell last year?

  • David

    I’ve been doing this for ages with Apps like Tiny Tower… didn’t know this needed to be “discovered”

  • Andrew

    I agree David.. my 7 year old daughter has been doing this with the Smurfs app for months now.

  • antonymity

    i did this with the nintendo ds’s ‘the world ends with you’ to level up my pins. the game tells you that they gain xp for up to 7 days when you don’t play the game, so i instantly turned off the ds and started advancing the calendar 7 days over and over :P

  • allanrob

    Nice to see some real hacking talent, not stupid antics from those anonymous lulzsec idiots.

  • CharliK

    People are giving this girl way too much credit. She figured out if you change the time on your mommy’s iPhone some games will jump you ahead. Guess what? Thousands of users already figured that out. Months ago

    Now if she figured out how to actually go in and change game code, that might be something. Or if she made an app to help folks find where they could go to buy their cookies, that might be something. 

    But what she did is not a hack or even really an exploit worth this much attention

  • YegBry

    You know game full-game trials? Yeah… many of those worked the same on my computer when I was a kid.  change the clock on the computer and poof, 30 days my ass!

  • wayzom

    What a weird story.. Her identity was stolen… I am sure that was really valuable to someone.

  • Haroh Garcia


  • Zulvianes Budiman

    Too exagerated. 

  • baby_Twitty

    i lulzed.

  • facebook-100000670318505

    really i have done that since day one but cute

  • GDal

    How is this news?

    Name a ten year old kid twenty years ago who didn’t do this with his PC games? As one guy mentioned here, ROTT. How about those Melissa virus infections that were triggered on a certain date? How did they test that? Advance the clock..

    This is not a Zero-day hack, nor is it a vulnerability. It’s an exploit of poorly written software.

    Major journalistic fail!

  • GDal

    Ian Paul Freeley…

  • vipshopper
  • KaosuM

    Sounds like you just mad at a little girl because you didn’t get publicity like she did for this exploit.

  • CharliK

    I didn’t get it because I didn’t ask for it. It’s such a basic cheat it’s not worthy of this kind of “Oh my gosh, she’s a 10 year old super hacker” press. 

    She figured out how to cheat a game, big deal. NOT. Now the 10 year old hospitalized kid that learned how to write an iPhone app and made a game that was a huge success AND he gives all the money to charity, that’s worth some attention. If she’d done that she could have also gotten herself a merit badge or two

    Basically this is a case of mom and dad wanting to have their 15 minutes by parading around their little princess for the cute trick she did. Which wasn’t that cute or much of a trick. 

  • GooneyGooGoo

    Yes, but did anyone see this?


  • Excalibur025

    We’ve all been doing this for years… it’s not a hack, and it’s not that amazing.

  • Nutz320

    I was expecting something, yaknow, newsworthy…