A 10 Year Old Girl Scout Exposed Zero-Day Vulnerabilities In Some Of iOS’s Most Popular Games


These adorable Girl Scouts haven't hacked anything. They just sell cookies.
These adorable Girl Scouts haven't hacked anything. They just sell cookies.

A button-cute 10 year old girl may have just set a new prestigious record. It’s not for the largest number of consecutive jump rope skips, or for chewing a piece of gum for the longest time, or even for collecting the most Facebook friends. It’s for identifying a zero-day exploit in a number of iOS and Android games! Isn’t that cute?

The adorable young hacker goes by the pseudonym CyFi, and she presented her exploit at this year’s DefCon convention… specifically in a new offshoot called DefCon Kids. This is her:

The exploit itself is pretty simple. Bored with the pace of various farm-style games, CyFi figured out that the games could be exploited by manually advancing an iPhone or iPad’s clock to speed the game ahead in time. Since iOS and Android have automatic time-correcting features, she accomplished this by turning off the device’s internet connections and making incremental clock adjustments.

I have to smile, because this exploit is one that I used to use myself back in my old PC gaming days. I remember the FPS game Rise of the Triad had various easter eggs that triggered on certain holidays, and could be exploited by changing my PC’s system clock. You might be tempted to scoff, but I’m pretty sure similar tinkering is the first step on becoming the next Comex or Geohot.

When she’s not hacking Farmville, CyFi spends her time making art, being a girl scout and downhill skiing. She’s also apparently had her identity stolen twice.

[via Cnet]