14 DAY TRIAL // A 10-year-old girl revealed a new class of vulnerabilities in mobile games at DEFCON Kids, a hacker conference for children between the age of 8 and 16.
The young girl who uses the hacker handle CyFi, keeps her true identity secret because it has already been stolen twice until now.
According to the DEFCON Kids website, CyFi is one of the conference's co-founders. She is also an artist and athlete and has spoken publicly before at art galleries.
The vulnerability found by the young hacker affects time-dependant games like FarmVille. Tired of waiting for actions to complete, like crops maturing over a matter of hours, CyFi tried to trick the system.
She began by setting the clock of her device forward, but games have built-in mechanisms to detect such obvious changes. However, she then started to find ways around those checks.
Apparently changing the time in small increments is able to bypass the detection in some cases and disconnecting the Android or iOS device from Wi-Fi also helps.
CyFi notified the affected vendors and hasn't released their names in order to prevent abuse as the vulnerability was still considered zero-day at the time of its disclosure at DEFCON Kids.
In fact, an identity protection company called AllCearID, which sponsors the conference, offered an $100 reward to the youngster who manages to find the highest number of vulnerable games in a 24-hour interval.
Even though CyFi's discovery is not technically sophisticated, it does stand to show that kids today are becoming interested in cyber security at very early ages. The existence of DEFCON Kids, which is at its first edition, is also a testament to that.
Back in October 2010, Mozilla paid a reward of $3,000 through its bug bounty program to a twelve-year-old boy who discovered a critical vulnerability in Firefox.