Free pizza?! Hacker finds flaw in UK Domino's pizza app
A hacker didn't have to do much to get free pizza when he discovered a flaw in the Domino's pizza app.
Paul Price, a cyber-security consultant from the UK, found a bug in the British version of the app that allowed him to order pizza for free. The app's API was not processing payments correctly, so users with enough technical knowledge could tamper with the app and trick it into accepting invalid payments.
Price tested the vulnerability with a made-up debit card number and was able to change a line in the code to 'accepted'; before he knew it, the pizza was being made and delivered.
Despite the temptation to take advantage of an infinite supply of free pizza, Price explained the matter to the delivery driver and paid him for the order he placed on the flawed app.
Domino's has since fixed the bug Price discovered. “We take security extremely seriously and discovered this issue last year during one of our frequent reviews. We are pleased to say it was resolved very quickly,” said Rob Brooks, Domino's head of IT.
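
The class of flaw described above, as an added example that is not code from Domino's or from Price: it assumes the order backend learned the payment result from a status value the client could edit, and contrasts that with a backend that checks the payment processor's own record. All names, records and messages are hypothetical and constructed.

```python
# Added illustration (not Domino's code): all names and data are hypothetical.

# Constructed stand-in for the payment processor's server-side records:
# transaction reference -> (status, amount charged in pence).
PROCESSOR_RECORDS = {
    "txn-1001": ("accepted", 1599),
    "txn-1002": ("declined", 1599),
    "txn-1003": ("accepted", 100),
}


def processor_lookup(txn_ref):
    """Simulates a server-to-server status query to the payment processor."""
    return PROCESSOR_RECORDS.get(txn_ref, ("unknown", 0))


def release_order_trusting_client(order, client_msg):
    """Weak: the order is released because the client says 'accepted'."""
    return client_msg.get("status") == "accepted"


class VerifiedCheckout:
    """Hardened: the client's status field is never read."""

    def __init__(self):
        self._consumed = set()  # transaction refs already tied to an order

    def release_order(self, order, client_msg):
        txn_ref = client_msg.get("txn_ref")
        if txn_ref in self._consumed:
            return False  # one payment cannot pay for two orders
        status, amount = processor_lookup(txn_ref)
        if status != "accepted" or amount != order["total_pence"]:
            return False  # declined, unknown, or charged the wrong amount
        self._consumed.add(txn_ref)
        return True


# Constructed sample order and a message whose status field was edited
# on the client even though the processor declined the card.
ORDER = {"id": "order-1", "total_pence": 1599}
TAMPERED = {"txn_ref": "txn-1002", "status": "accepted"}

if __name__ == "__main__":
    print("trusting client:", release_order_trusting_client(ORDER, TAMPERED))
    print("verified:", VerifiedCheckout().release_order(ORDER, TAMPERED))
```

The hardened path also rejects a genuine payment for a different amount and a reference that has already paid for another order, two checks that matter once the status itself can no longer be forged.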