Monday, August 08, 2011

10-year-old girl hacker CyFi reveals her first zero-day in games at #DefCon 19

Another awesome day at DefCon 19. Today a 10-year-old girl hacker using the pseudonym CyFi revealed her zero-day exploit in games on iOS and Android devices, which independent researchers have confirmed as a new class of vulnerability. The 10-year-old girl from California first discovered the flaw around January 2011 because she "started to get bored" with the pace of farm-style games.

About CyFi:
She is cofounder of DEFCON Kids. CyFi is a ten-year-old hacker, artist and athlete living in California. She has spoken publicly numerous times, usually at art galleries as a member of “The American Show,” an underground art collective based in San Francisco. CyFi’s first gallery showing was when she was four. Last year she performed at the SF MOMA Museum in San Francisco. DEFCON Kids will be her first public vulnerability disclosure. CyFi has had her identity stolen twice. She really likes coffee, but her mom doesn’t let her drink it.

CyFi said, "It was hard to make progress in the game, because it took so long for things to grow. So I thought, 'Why don't I just change the time?'" Most of the games she discovered the exploit in have time-dependent factors. Manually advancing the phone or tablet's clock forced the game further ahead than it really was, opening up the exploit.

CyFi said that she discovered some ways around those detections. Disconnecting the phone from Wi-Fi made it harder to stop, as did making incremental clock adjustments. CyFi's mother, who must remain anonymous to protect her daughter's identity, said at the end of CyFi's presentation at DefCon Kids that they would offer a $100 reward to the young hacker who found the most games with this exploit over the following 24 hours. The reward is sponsored by AllClearID, an identity protection company that is also sponsoring DefCon Kids.
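An added example, not from the original article or from any of the affected games: a constructed sketch of the flaw class described above, showing a growth timer that trusts the device clock beside one that counts only server-supplied time. It also includes a skew check that compares the device against the server rather than against its previous report, so small incremental adjustments still add up. All names and values are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

GROW_SECONDS = 4 * 3600   # constructed value: a crop needs four hours
SKEW_TOLERANCE = 120      # constructed value: allowed device/server gap (s)

@dataclass
class Crop:
    planted_device: float  # device wall clock at planting (user-settable)
    planted_server: float  # server clock at planting (authoritative)

def ready_vulnerable(crop: Crop, device_now: float) -> bool:
    """Flawed check: elapsed time comes from the clock the player controls."""
    return device_now - crop.planted_device >= GROW_SECONDS

def ready_hardened(crop: Crop, server_now: Optional[float]) -> bool:
    """Only server time counts; offline (None) defers the harvest to next sync."""
    if server_now is None:
        return False
    return server_now - crop.planted_server >= GROW_SECONDS

def first_flagged_sync(reports, tolerance=SKEW_TOLERANCE):
    """reports: (device_time, server_time) pairs, one per sync.
    Compares each device time with the server's, not with the previous
    report, so many small forward steps cannot stay under the threshold.
    Returns the index of the first sync over tolerance, or None."""
    for i, (device_t, server_t) in enumerate(reports):
        if abs(device_t - server_t) > tolerance:
            return i
    return None

if __name__ == "__main__":
    crop = Crop(planted_device=1000.0, planted_server=1000.0)
    # Constructed case: ten real minutes pass, device clock shows five hours.
    print(ready_vulnerable(crop, 1000.0 + 5 * 3600))  # device time accepted
    print(ready_hardened(crop, 1600.0))               # server time: not ready
    print(ready_hardened(crop, None))                 # offline: deferred
    # Constructed drift: device gains 90 s on the server at every sync.
    drift = [(1000.0 + 150 * i, 1000.0 + 60 * i) for i in range(5)]
    print(first_flagged_sync(drift))
```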

CyFi revealed that she was only a little bit nervous about having to speak in front of the 100 or so expected attendees. She admitted that while it was probably different publicly speaking about a topic with such a specific focus, it would be hard for her to imagine what those differences might be. "Well, I haven't done it yet," she said.

Source: The Hacker News
