10-Year-Old Presents App Exploit at DefCon

By Sara Yin, Junior software analyst

DefCon, the long-running, annual hacker conference in Las Vegas, lowered its age restrictions this year for the inaugural "DefCon Kids Village."

Roughly 60 young hacker-wannabes aged eight to 16 were mentored in the arts of "white hat" hacking, or hacking in a responsible manner, this past weekend. They listened to talks by Black Hat and DefCon founder Jeff Moss, a.k.a. "The Dark Tangent," Steven Levy, a writer for Wired, and Johnny Long, best known for using Google Search to discover security loopholes. The kids were taught how to open Master locks, Google hacking, social engineering, coding in Scratch, and more.

CyFi, a ten-year-old Girl Scout and DefCon Kids co-founder from California, presented her findings on an exploit in an unnamed social game. She began tinkering with the code after growing impatient with the game's slow pace, and discovered that by disconnecting her phone from Wi-Fi and resetting the clock forward in small increments, she could fast-forward many of the actions in the game. She dubbed the technique "TimeTraveler" and described it as "a new class of vulnerabilities."

CyFi presented her findings at a talk called "Apps—A Traveler of Both Time and Space, And What I Learned About Zero-Days and Responsible Disclosure."

"The world of apps has obviously not thought about security yet," read the presentation summary. "Here is an important lesson they can learn from a Girl Scout. I'll show a new class of vulnerabilities I call TimeTraveler. By controlling time, you can do many things, such as grow pumpkins instantly. This technique enables endless possibilities. I'll show you how. Wanna play a game? Let's find some zero-days! (Cuz it's fun!)"

In the spirit of responsible disclosure, CyFi did not publicize the names of the apps she'd cracked, in order to give the affected companies time to fix the vulnerabilities.
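The clock trick described above works when an app measures elapsed time from the device's own clock. The following is an added example, not code from the article or from any of the affected games: it contrasts that weak check with a server-side check that trusts only the server clock and flags large device clock skew for review. The names, the four-hour growth time and the five-minute skew tolerance are all assumptions made for illustration.

```python
import time

GROW_SECONDS = 4 * 3600   # constructed value: a crop takes four hours to grow
MAX_SKEW = 300            # constructed tolerance for honest device clock drift


def can_harvest_trusting_device(planted_at_device, device_now):
    """Weak check: both timestamps come from the device's wall clock."""
    return device_now - planted_at_device >= GROW_SECONDS


class Server:
    """Hardened check: the server records and compares its own clock only."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.planted = {}   # (player, plot) -> server time at planting

    def plant(self, player, plot):
        self.planted[(player, plot)] = self.clock()

    def harvest(self, player, plot, device_now):
        """Return (status, skew_flag); device_now is used for detection only."""
        now = self.clock()
        skew_flag = abs(device_now - now) > MAX_SKEW
        started = self.planted.get((player, plot))
        if started is None:
            return "no_such_plot", skew_flag
        if now - started < GROW_SECONDS:
            return "too_early", skew_flag
        del self.planted[(player, plot)]
        return "ok", skew_flag


if __name__ == "__main__":
    t = [1_000_000.0]                       # constructed server clock
    srv = Server(clock=lambda: t[0])
    srv.plant("p1", "pumpkin")
    t[0] += 60                              # one real minute passes
    device_now = 1_000_000.0 + 5 * 3600     # device clock set five hours ahead
    print(can_harvest_trusting_device(1_000_000.0, device_now))
    print(srv.harvest("p1", "pumpkin", device_now))
```

Actions queued while the device is offline would be checked the same way when they sync, so the reward is granted only once the server's own elapsed time allows it.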

About Our Expert

Sara Yin is a junior analyst in the Software, Internet, and Networking group at PCmag.com, pouring most of her energy into app testing and security matters at Security Watch with Neil Rubenking. She lies awake at night pondering the state of mobile security (half-true). Prior to joining PCMag.com, Sara spent five years reporting for publications in New York City (Huffington Post), Hong Kong (South China Morning Post), and Singapore (Campaign Asia, Men's Health). Follow her on Twitter at @SecurityWatch and @sarapyin, or contact her the old school way: email. That's sara_yin AT pcmag.com.