If there’s one connection that was inevitable to happen it would be the joy of home-delivered pizza being paired with the convenience that only the internet can provide. First, it became possible to order pizza direct from a restaurant’s website without having to even place a phone call. And now it’s even easier to purchase a pie online using mobile apps on a smartphone or tablet. While pizza makers have been quick to embrace new technologies, Dominos Pizza might be a little gun shy to jump on the next bandwagon.
Earlier this week, a UK security consultant named Paul Price blogged about an order he’d place with Domino’s using the pizza chain’s Android app. Price was curious to understand more about how the app worked. Using the skills he’d developed as a consultant, he was able to access the app’s source code and watch what it did while processing his order. He was surprised to find that the app was actually handling his payment locally, on his device, as opposed to sending the information to the Domino’s server. By implementing a relatively simple hack, Price was able to circumvent the payment system by sending a signal back to the Domino’s site indicating that his order was paid for when in fact, no payment information was given.
This effectively gave Price the ability to order potentially unlimited amounts of pizza for free! Price contacted the store he’d ordered from and they confirmed that his pizza was baking and would soon be on its way. But honesty got the best of the man, and when his pizza arrived, he informed the delivery driver of the hack, and he paid in cash for the total cost of the order.
Domino’s has since closed the hole in its app that allowed for this exploit. But it did so quite some time after Price alerted the restaurant to his findings. There’s no telling how many others might’ve also discovered the hack and enjoyed free pizzas because of it.