A UK security consultant named Paul Price found a bug in the UK version of the Domino's Pizza application that allowed him to order a pizza and not pay for it.
Price found that the application's payment-processing API did not work properly, allowing users with enough know-how to trick the application into accepting invalid payments, essentially letting them order pizza for free.
The app accepted the invalid payments as paid, so the rest of the process continued as normal, right through to delivering the order to the door.
The researcher, of course, did not take advantage of the security gap and informed Domino's, which immediately corrected the error.
But the moral of the story is that there are many applications out there with defective APIs.
API bugs were partly responsible for the massive breach of toy company VTech, which left the personal data of millions of parents exposed.
And just a few weeks ago, security researchers Troy Hunt and Scott Helme showed that hackers could cause chaos in Nissan's electric cars by activating the AC and draining the car's battery. The company was forced to disable the app to fix the bug.