Three German IT Professionals and Ethical Hackers have manipulated the Fast Food Chain’s mobile application for ordering using vulnerabilities and loopholes which could generate free burgers, chips and drinks.
First Security Loophole—Survey Based Coupons
The researchers Lenny Bakkalian, Mats Tesch and David Albert researched about McDonald’s app and found a couple of vulnerabilities which could generate free coupons and orders at the house’s expense. According to the Vice they found the vulnerability in ordering system which allowed coupon generation based on survey.
The hackers found the serious security hole within the app in November, the reason for reaching these security holes was Albert’s research interest, he analyzed the survey website of the fast-food group with the highest turnover worldwide. Using a software program he developed himself he was able to automate the survey responses which gave him almost infinity coupons as a reward.
The Researcher Was Able To Automate The Survey Using His Software Which Gave Him Unlimited Beverage Coupons As a Reward.
Second Security Loophole—Coupon Generator
The researchers were also able to find another security hole within the app, the voucher generator was also vulnerable, the hackers were able to generate illegal coupons right from the voucher generation system which could provide an unlimited number of burger orders. The hack was tested at the Hamburg branch with the consent of branch management. The hackers were able to generate 15 burger orders worth 106 Euros.
The Hackers Were Able To Generate 15 Burger Orders Using Coupon System Vulnerability
The researchers actually manipulated data packets via their own proxy server, the orders via McDonald’s app and final invoice amount was changed by the developers. The developers proved App vulnerabilities to the management which were closed later after two weeks.