Unlimited free pizza may sound like your food dream come true, but we seriously don’t want you to try this at home.
An IT security consultant bagged himself a free pizza (well, almost) after inadvertently stumbling on a bug in the UK version of the Domino’s food-ordering app.
In a detailed blog post, Paul Price described how he manipulated a few lines of code to get the meal delivered to his doorstep for FREE.
Price discovered there was something odd about the app’s application programming interface (API): it took the client’s word that a payment had gone through, leaving the door open for someone with basic coding knowledge to trick the system into thinking a payment had been made.
“The Domino’s app itself was processing payments client-side via a payment gateway,” he wrote.
“This isn’t inherently bad if it has been correctly implemented with the appropriate server-side checks – it’s just bad practice. Usually payments would be processed server-side so that the process is hidden and out of the hands of meddling users.”
After tweaking the code to make it look like he’d paid for his pizza, Price then proceeded to call the store to confirm the order.
However, when the pizza arrived, Price decided he didn’t want to con Domino’s after all.
“The pizza arrives and I tell the delivery driver there must have been a mistake with the order as I never entered any card details and wanted to pay with cash,” Price continued. “He happily leaves with £26 and my conscience is clean.”
Price also added a note at the end of his post to say that the fast food retailer has resolved the issue and that “payments are still being processed client-side but they now have the proper server-side checks in place”.
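To make the flaw described above and the server-side fix concrete, here is an added illustration (this is not Price’s code or Domino’s API; the order store, gateway ledger and function names are all constructed for the demonstration): one order handler trusts a "paid" flag sent by the client, the other ignores that claim and confirms the payment reference with the gateway server-side, checking that it matches the order, the amount and has not been reused.

```python
# Constructed order store: order id -> total in pence (the £26 order from the article).
ORDER_TOTAL_PENCE = {"order-1001": 2600}

# Simulated gateway ledger: payment reference -> (order id, amount captured in pence).
# A real gateway would be queried server-to-server over an authenticated channel.
GATEWAY_LEDGER = {
    "pay-full": ("order-1001", 2600),   # genuine payment for the full amount
    "pay-short": ("order-1001", 100),   # payment for the wrong amount
    "pay-other": ("order-2002", 2600),  # payment that belongs to a different order
}

# Payment references already consumed by an accepted order (replay protection).
USED_REFS = set()


def gateway_lookup(payment_ref):
    """Hypothetical server-to-server lookup of a captured payment by reference."""
    return GATEWAY_LEDGER.get(payment_ref)


def place_order_vulnerable(order_id, client_payload):
    """Trusts a status flag set by the client: anything that says 'paid' is accepted."""
    if client_payload.get("payment_status") == "paid":
        return "accepted"
    return "rejected"


def place_order_hardened(order_id, client_payload):
    """Ignores the client's claim and verifies the payment with the gateway."""
    ref = client_payload.get("payment_ref")
    if not ref or ref in USED_REFS:
        return "rejected"            # missing reference, or one already spent on an order
    record = gateway_lookup(ref)
    if record is None:
        return "rejected"            # gateway has no such payment
    paid_order, paid_amount = record
    if paid_order != order_id:
        return "rejected"            # payment was captured for a different order
    if paid_amount != ORDER_TOTAL_PENCE.get(order_id):
        return "rejected"            # partial payment or tampered amount
    USED_REFS.add(ref)               # consume the reference so it cannot be replayed
    return "accepted"
```

The vulnerable handler accepts any request carrying `"payment_status": "paid"`; the hardened one only accepts a reference the gateway itself confirms, for this order, for the full amount, once.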
And in a statement to Motherboard, Rod Brooks – Domino’s head of IT – said: “We take security extremely seriously and discovered this issue last year during one of our frequent reviews. We are pleased to say it was resolved very quickly.”
While the glitch may have been rectified, no one will ever know how many hackers stuffed their faces with free pizzas because of the flaw.