A 10-year-old California girl’s presentation at a hacker conference in Las Vegas is getting a lot of attention.
The girl, who uses the pseudonym “CyFi,” revealed a zero-day exploit in games on iOS and Android devices that independent researchers have confirmed as a new class of vulnerability, reports CNET‘s Seth Rosenblatt.
Zero-day exploits are used or shared by attackers before the developer of the target software knows about the vulnerability.
The girl first discovered the flaw earlier this year because she was bored with the pace of farm-style games.
While CyFi isn’t revealing which games are affected, most of them have time-dependent factors. She opened up the exploit by manually advancing a phone or tablet’s clock to force a game ahead in time. Some games block such a trick but the young hacker says she found ways to avoid those detections such as disconnecting the phone from Wi-Fi and making incremental clock adjustments.
CyFi’s presentation was part of DefCon Kids, a new offshoot of the annual hacker convention that features an area where kids can learn how to do things like open master locks, do certain kinds of hacks, code in scratch, and communicate in code.
While her presentation at DefCon was her first public vulnerability disclosure, CyFi said she was only a little nervous. An artist, Girl Scout, and downhill skier, she has spoken publicly numerous times, usually at art galleries as a member of “The American Show,” an underground art collective based in San Francisco. According to her bio on the DefCon Kids Web site, CyFi has had her identity stolen twice.
Rosenblatt points out that the new DefCon Kids programming reflects that “members of the hacking community are getting older and raising families.”