You surely can’t call yourself a master of the 21st century until you’ve successfully hacked your way to a free Domino’s pizza.
Cyber security consultant Paul Price stumbled upon a bug in the British version of the fast food chain’s app. The application program interface (API) wasn’t properly processing payments, which meant that people with the appropriate computer skills could trick it into thinking they had made a purchase when they hadn’t.
That’s exactly what Paul, to his surprise, managed to do. You can read his detailed blog on what happened here, but the gist seems to be that after initially having his card declined, he was able to intercept the response and change some values so it would go through.
He writes: “A few minutes pass and the Pizza Tracker changes from ‘Order’ to ‘Prep’ and then to ‘Baking’. I couldn’t bear to wait another 30 minutes to see if an Americano pizza, Chicken Strippers and Chocolate Chip Cookie + Ice Cream side turn up at my door. I called the store and they confirm they have received my order and it will be delivered within the next 20 minutes. My first thought:awesome. My second thought: shit.”
It’s important to point out that Paul is no criminal. He simply wanted to see how easy it would be to hack the system, and wasn’t trying to get out of coughing up the cash for his dinner.
He added: “The pizza arrives and I tell the delivery driver there must have been a mistake with the order as I never entered any card details and wanted to pay with cash. He happily leaves with £26 and my conscience is clean.”
Rod Brooks, Domino’s head of IT, told Motherboard in a statement: “We take security extremely seriously and discovered this issue last year during one of our frequent reviews. We are pleased to say it was resolved very quickly.”
