Hackers managed to get free pizzas thanks to a flaw in the Domino’s pizza app that let them place orders without paying anything. UK-based cyber security consultant Paul Price unearthed the trick: he discovered a bug affecting Domino’s app on Google that let him order pizzas for free.
Hackers Got Pizza For Free Due to Flaw in Dominos App
According to his blog, Paul Price ordered a pepperoni, mushroom and pineapple pizza via the app and then decided to dig around in the source code. There he uncovered a peculiar and easily exploitable payment process.
He was able to hack the system easily: he entered fake debit card information [Visa 4111111111111111], intercepted the traffic between his smartphone and Domino’s servers, and tweaked the data that carried the error message. In short, he changed the code to read “accepted” rather than “declined”, and once he had done this his order was placed successfully.
“Errr, what? It looks like my order was placed without a valid payment. Surely this is an oversight/edge case and Domino’s will have back office checks in place before physically starting to prepare my order… right?” states Price on his blog.
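The flaw described above comes down to the ordering backend believing a payment status that has passed through the customer's phone. The sketch below is an added example, not Domino's code or Price's: it contrasts that pattern with a backend that re-reads the outcome from the payment processor. `Gateway`, `OrderBackend`, the message fields and all sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Txn:
    ref: str
    status: str          # outcome as recorded by the payment processor
    amount_pence: int

class Gateway:
    """Constructed stand-in for a processor's server-to-server lookup API."""
    def __init__(self, txns):
        self._by_ref = {t.ref: t for t in txns}

    def lookup(self, ref):
        return self._by_ref.get(ref)

def accept_trusting_client(order, client_msg):
    """Flawed pattern: the status field comes from the phone, which the user controls."""
    return client_msg.get("status") == "accepted"

class OrderBackend:
    """Hardened pattern: only the transaction reference is taken from the client."""
    def __init__(self, gateway):
        self.gateway = gateway
        self.used_refs = set()

    def accept(self, order, client_msg):
        ref = client_msg.get("ref")
        txn = self.gateway.lookup(ref)        # re-read the outcome from the processor
        if txn is None or txn.status != "accepted":
            return False
        if txn.amount_pence != order["total_pence"]:
            return False                      # payment was for a different amount
        if ref in self.used_refs:
            return False                      # one payment pays for one order
        self.used_refs.add(ref)
        return True

# Constructed sample data: a 26.00 GBP order and three processor records.
ORDER = {"id": "order-1", "total_pence": 2600}
GATEWAY = Gateway([Txn("txn-declined", "declined", 2600),
                   Txn("txn-paid", "accepted", 2600),
                   Txn("txn-small", "accepted", 100)])
TAMPERED = {"ref": "txn-declined", "status": "accepted"}   # status edited in transit
HONEST = {"ref": "txn-paid", "status": "accepted"}

if __name__ == "__main__":
    backend = OrderBackend(GATEWAY)
    print("trusting client, tampered:", accept_trusting_client(ORDER, TAMPERED))
    print("verified, tampered:", backend.accept(ORDER, TAMPERED))
    print("verified, honest:", backend.accept(ORDER, HONEST))
    print("verified, replayed ref:", backend.accept(ORDER, HONEST))
```

The hardened path also rejects an accepted payment for the wrong amount and a reference that has already paid for an order, two checks that matter once the status itself can no longer be edited.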
Price wasn’t sure whether his approach would work, so to settle his doubts he contacted the store, which told him that his pizza was being prepared and would be delivered soon. His order moved from “Order” to “Prep” and then finally to “Baking”. He was desperately waiting for the order to reach his doorstep. He writes: “My first thought: awesome. My second thought: shit.”
When the delivery boy handed over the pizza, Price explained that there must have been some problem with the order, as he had never entered his debit card credentials. He then paid the courier £26 in cash for the pizza order.
Domino’s IT head, Rod Brooks, told Motherboard in a statement: “We take security extremely seriously and discovered this issue last year during one of our frequent reviews. We are pleased to say it was resolved very quickly.”
This is not the first flaw to allow free pizza orders: in March 2009, Domino’s mistakenly gave away 11,000 pizzas for free due to a bug in its website.
However, it is not clear how many pizzas hackers ordered by exploiting this bug.