Researcher Ordered Free Pizza, Through Domino’s Android App!

How would you feel if you were hungry and then got a free pizza from Domino's? It sounds good. A security researcher managed exactly that from his home in the United Kingdom. His name is Paul Price, and he was researching the official Android app of Domino's.

How did he do it?

According to Paul Price, Domino's was using a weak authentication process in its payment flow. The payment gateway used by the Domino's Android app handled the payment entirely on the client side. Because he could read the payment process on the client, when he submitted the payable amount through the payment form he was able to change both the amount and the card details. The Domino's servers were not verifying the requests and payment references that came back from the client. After that, manipulating the order was not a difficult task for Paul, and he successfully ordered a free pizza.
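The core weakness described above is that the server accepted the client's word that a payment had succeeded and for what amount. The following is an added example, not code from the article or from Domino's, contrasting that weak pattern with the server-side check that fixes it: the server looks the payment up with the gateway over a server-to-server channel and compares the captured amount with the total it already holds for the order. The order store, the gateway records and the `gateway_lookup` function are constructed stand-ins for a real database and a real provider API.

```python
"""Order confirmation: the weak client-trusting pattern beside the hardened one.

Added illustration, not the article's or Domino's code. ORDERS, GATEWAY_RECORDS
and gateway_lookup() are constructed stand-ins; a real service would query its
database and call the payment provider's API over TLS with a merchant secret.
"""

# Constructed server-side order store: order id -> amount the server expects (pence).
ORDERS = {"order-1001": 1299}

# Constructed view of what the payment provider knows about each payment id.
GATEWAY_RECORDS = {
    "pay-ok":   {"order_id": "order-1001", "amount": 1299, "status": "captured"},
    "pay-zero": {"order_id": "order-1001", "amount": 0,    "status": "captured"},
    "pay-auth": {"order_id": "order-1001", "amount": 1299, "status": "authorised"},
}

# Payment ids already used to confirm an order, so one payment cannot be reused.
CONSUMED_PAYMENTS = set()


def gateway_lookup(payment_id):
    """Constructed server-to-server lookup; returns the provider's record or None."""
    return GATEWAY_RECORDS.get(payment_id)


def confirm_order_weak(request):
    """Weak pattern: the server believes the client's own report of the payment.

    Whatever amount and 'paid' flag the client sends is taken at face value,
    so a tampered client request is indistinguishable from a real payment.
    """
    if request.get("order_id") in ORDERS and request.get("paid") is True:
        return "confirmed"
    return "rejected"


def confirm_order_hardened(request):
    """Hardened pattern: only the gateway's record and the server's order total count.

    The client supplies nothing but identifiers; amount and status come from the
    gateway, and the expected amount comes from the server's own order record.
    """
    order_id = request.get("order_id")
    payment_id = request.get("payment_id")
    expected_amount = ORDERS.get(order_id)
    if expected_amount is None or not payment_id:
        return "rejected"
    if payment_id in CONSUMED_PAYMENTS:
        return "rejected"  # replayed payment reference

    record = gateway_lookup(payment_id)
    if record is None:
        return "rejected"  # unknown payment reference
    if record["status"] != "captured":
        return "rejected"  # funds not actually taken
    if record["order_id"] != order_id:
        return "rejected"  # payment belongs to a different order
    if record["amount"] != expected_amount:
        return "rejected"  # amount does not match the server-side total

    CONSUMED_PAYMENTS.add(payment_id)
    return "confirmed"


if __name__ == "__main__":
    tampered = {"order_id": "order-1001", "paid": True, "amount": 0}
    print("weak, tampered client request:", confirm_order_weak(tampered))
    print("hardened, same request:", confirm_order_hardened(tampered))
    print("hardened, genuine payment:",
          confirm_order_hardened({"order_id": "order-1001", "payment_id": "pay-ok"}))
```

The point of the hardened version is that nothing security-relevant originates on the client: the amount is read from the server's own order record, the payment status and captured amount come from the gateway, and a payment reference is accepted once only.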

Response of Domino’s

After finding this security issue in the Android app, Paul reported it to Domino's, and Domino's has now fixed it. Paul Price said that exploiting the bug was not an easy task, but that experienced attackers could do it once they understood it: the exploit followed a particular sequence in which small details, such as when to change the numbers and how long to wait, played a vital role. Domino's has now moved the payment processing in its Android app to the server side.

Paul Price frankly said, "I have saved Domino's millions of dollars. I have also paid them for the free pizza that I had ordered."