Most people would go to great lengths to get some free pizza, but one hacker didn't have to do much to get his slice of the action after finding a flaw in the Domino's pizza app that let him order without paying a penny. Paul Price, a cyber security consultant from the UK, discovered the formula for free pizza after a brainwave hit him whilst tucking into his favourite fast food.
He realised that, after each order was placed, the pizza chain would sometimes send customers a voucher for money off the next order. Price wanted to know how this voucher was randomly generated, so he fired up a piece of software to look into the workings of the Domino's app's source code.
Within minutes, he stumbled upon a glaring flaw: the system processed payments on the client side of the app, rather than on the server side, hidden away from anyone who could tinker with the code. Price explains on his blog that he decided to test the vulnerability with a made-up Visa debit card number and was simply able to change a line in the code to 'accepted' rather than 'declined' and, voilà, an Americano was on its way to the oven.
Price couldn't believe the easy hack had worked and was astounded to see his order in the making on his mobile phone app – he even phoned the store to confirm his order and they said it would be with him within 20 minutes.
Despite the temptation to take advantage of this tasty trick for an indefinite supply of free pizza, Price's conscience kicked in to do the right thing and he explained to the delivery driver that his card didn't work and handed over the cash amount.
Price contacted Domino's to flag up the fault and the bug is now resolved. Sorry, hungry hackers, it's back to ramen noodles for you.
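The flaw described above comes down to a server releasing an order on the client's word that payment was 'accepted'. The sketch below is an added example, not Domino's or Price's code: it puts that trusting pattern beside a server-side check against the payment processor's own record. The field names, transaction references and `processor_lookup` function are hypothetical, and the records are constructed sample data.

```python
# Constructed stand-in for the payment processor's records, keyed by
# transaction reference. In a real system this is a server-to-server call.
PROCESSOR_RECORDS = {
    "txn-1001": {"status": "declined", "amount_pence": 1499},
    "txn-1002": {"status": "accepted", "amount_pence": 1499},
}


def processor_lookup(txn_ref):
    """Hypothetical processor query; returns None for unknown references."""
    return PROCESSOR_RECORDS.get(txn_ref)


def confirm_order_trusting(request):
    """The flawed pattern: release the order on the client's reported status."""
    return request.get("payment_status") == "accepted"


def confirm_order_verified(request, order_total_pence):
    """Ignore the client's claim and decide from the processor's record.

    Returns (release, alert). alert is set when the client's reported
    status disagrees with the processor, which is worth logging.
    """
    record = processor_lookup(request.get("txn_ref"))
    if record is None:
        return False, "unknown transaction reference"
    claimed = request.get("payment_status")
    alert = None
    if claimed is not None and claimed != record["status"]:
        alert = "client status %r != processor status %r" % (
            claimed, record["status"])
    if record["status"] != "accepted":
        return False, alert
    if record["amount_pence"] != order_total_pence:
        return False, "paid amount does not match order total"
    return True, alert


if __name__ == "__main__":
    # Constructed request: processor declined, client reports 'accepted'.
    mismatched = {"txn_ref": "txn-1001", "payment_status": "accepted"}
    print(confirm_order_trusting(mismatched))
    print(confirm_order_verified(mismatched, 1499))
```

The verified path also checks the paid amount against the order total, since a status check alone would accept a genuine payment for a smaller sum.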