Hacking a Pizza Delivery App
Some time ago software architect and ethical hacker Paul Price discovered a security flaw in the Domino’s Pizza Android application. Driven by hunger and curiosity, he discovered that the flaw could allow him to order as much free pizza, in addition to soda and chicken wings, as he desired. He even tested out his theory and ordered an “Americano pizza, Chicken Strippers and Chocolate Chip Cookie + Ice Cream.” (Pardon the wording of “chicken strippers”; Paul is in the UK.) He made his order using a made-up credit card number.
The security flaw was a result of the Domino’s server not verifying the information its app was sending to it. In other words, Paul was able to send false data to Domino’s which made it appear as if he had placed a valid order with a real credit card. He confirmed that the security flaw was real: “It looks like my order was placed without a valid payment. Surely this is an oversight/edge case and Domino's will have back office checks in place before physically starting to prepare my order... right? A few minutes pass and the Pizza Tracker changes from "Order" to "Prep" and then to "Baking".”
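The point of the flaw is that the server accepted the app's own claim that payment had succeeded. The following added example (my own code, not Domino's application or anything from Paul's write-up) contrasts an order handler that trusts a client-supplied `payment_status` flag with one that looks the payment authorisation up on the server side and checks it against the order. The payment provider, its authorisation ids, the customer ids and the amounts are all constructed for the example.

```python
"""Added example, not code from the original post or from Domino's.

Shows why an ordering server must verify payment itself rather than trust
the fields its mobile app sends. The payment provider is simulated with an
in-memory table of authorisations it actually holds.
"""
from dataclasses import dataclass

# Constructed sample data: the only authorisation the (simulated) payment
# provider knows about. A real server would query the provider's API here.
PROVIDER_AUTHORISATIONS = {
    "auth_7f3a": {"amount_pence": 2499, "customer": "cust_42"},
}


@dataclass
class Order:
    customer: str
    amount_pence: int
    client_payload: dict
    state: str = "rejected"   # becomes "prep" only once the kitchen may start
    reason: str = ""          # why an order was rejected, for logging/alerting


def place_order_trusting_client(customer: str, amount_pence: int, payload: dict) -> Order:
    """Vulnerable pattern: the server believes the app's own 'paid' flag.

    Anything the client sends can be altered, so a tampered request with
    payment_status="paid" and a bogus card number goes straight to prep.
    """
    order = Order(customer, amount_pence, payload)
    if payload.get("payment_status") == "paid":
        order.state = "prep"
    else:
        order.reason = "client did not report payment"
    return order


def place_order_verified(customer: str, amount_pence: int, payload: dict) -> Order:
    """Hardened pattern: the client only supplies a reference; the server
    fetches the authorisation from the provider and checks owner and amount.

    The card number itself never reaches the ordering server; whether it was
    real is the provider's decision, recorded in the authorisation.
    """
    order = Order(customer, amount_pence, payload)
    auth = PROVIDER_AUTHORISATIONS.get(payload.get("authorisation_id"))
    if auth is None:
        order.reason = "no such authorisation at payment provider"
    elif auth["customer"] != customer:
        order.reason = "authorisation belongs to a different customer"
    elif auth["amount_pence"] != amount_pence:
        order.reason = "authorised amount does not match order total"
    else:
        order.state = "prep"
    return order


if __name__ == "__main__":
    # Constructed tampered request: claims to be paid, carries a made-up card.
    tampered = {"payment_status": "paid", "card_number": "0000000000000000"}
    print(place_order_trusting_client("cust_42", 2499, tampered).state)   # prep
    print(place_order_verified("cust_42", 2499, tampered).reason)         # rejected
    print(place_order_verified("cust_42", 2499, {"authorisation_id": "auth_7f3a"}).state)
```

The rejection reasons are deliberately distinct: an order arriving with a "paid" flag but no provider-side authorisation is exactly the kind of request worth alerting on, since a legitimate app build never produces it.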
Being an ethical hacker, Paul did not indulge in a single slice of the ill-gotten pizza, instead choosing to pay the delivery person in cash: “The pizza arrives and I tell the delivery driver there must have been a mistake with the order as I never entered any card details.” He then waited until Domino’s had fixed the Android application before revealing his discovery in a blog post.
This is a great example of ethical or “white hat” hacking. A white hat hacker is a security researcher who attempts to break into protected systems to expose vulnerabilities and strengthen security. The negative connotation of the word “hacker” is slowly being displaced by a positive one thanks to people like Paul.