Child hacking prodigy highlights mobile-gaming flaw
A ten-year-old girl has uncovered a security flaw hidden in mobile games, revealing a zero-day vulnerability that could affect countless phones.
The hacking prodigy – going by the name CyFi – showed off the exploits at the Defcon for Kids event she helped organise to coincide with the annual hacker conference.
According to a BBC report, the girl uncovered the weakness when she got bored of waiting for things to “grow” in farming games, and tried to work on effectively speeding up time.
Details of the hack remain sketchy because CyFi has told the companies concerned that she will not make details public until a fix has been created.
However, she revealed that by turning off Wi-Fi and moving the handset clock forward in slow increments to circumvent anti-cheating measures, she could open up other loopholes that could potentially be used to execute code on the handsets.
She said the vulnerability applied to both Apple and Android handsets, but didn’t reveal exactly which games were at risk.
In the UK, meanwhile, an unnamed student has landed his or her school in hot water with the Information Commissioner’s Office (ICO) after a hack left 20,000 people’s personal details exposed, including more than 7,000 students at Bay House School in Hampshire.
The hack happened in March and involved one of the school’s students, the ICO said, exposing pupils’ names, addresses and photographs as well as sensitive information relating to their medical history. Parent and teacher details were also compromised.
According to the ICO, the school website was initially compromised by a member of staff who had used the same password to access both the school’s website and data management systems.
The password was subsequently discovered during the original hacking incident and then used by a pupil to access other parts of the system.
According to the ICO, the student records included those of alumni, which accounts for the huge number of individuals whose data was data exposed.