Hacker Explains How He Tricked the Domino’s App into Delivering Him Free Pizza
For the technologically savvy, the Domino’s delivery app makes ordering a pizza extremely convenient. But if you’re super technologically savvy, it can also make your pizza free.
Earlier this week, UK-based computer security researcher Paul Price recounted on his blog the time he discovered how easy it was to hack Domino’s Android app and score a free pie. To hear him tell it, “After sifting through the app's source code I notice that the code is generated server side via an API call. I fire up a proxy (Burp) to monitor the web traffic between my phone and the Domino's API server and run through the order process. Something immediately catches my eye... The Domino's app itself was processing payments client side via a payment gateway.”
Okay, maybe hearing Price tell it isn’t that exciting. It’s not quite as intense as “the call was coming from inside the house!” Still, Price says it wasn’t hard for him to swap some values around and, 40 minutes later, have a free pie show up at his door.
A few important caveats: First, the incident happened three years ago. And second, Price, motivated more by curiosity than greed, says he ended up paying for the pizza. But most importantly, for any future free pizza seekers out there, a Domino’s spokesman recently told Forbes that the pizza giant “discovered this issue last year during one of our frequent reviews. We are pleased to say it was resolved very quickly.”
Still, for those of you who think a career in computer security isn’t rewarding, let me ask you this: Is a free Domino’s pizza rewarding? Actually, don’t answer that.