logo
DATABASE RESOURCES PRICING ABOUT US

Hacking McDonald's for Free Food

Description

This [hack](<https://www.vice.com/en_au/article/4agvdw/mcdonalds-hack-free-food>) was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: > McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month. One day, David happened to be checking out how the website's coding was structured when he noticed that the information triggering the server to issue a new voucher was always the same. That meant he could build a programme replicating the code, as if someone was taking the survey again and again. > > [...] > > At the McDonald's in East Berlin, David began the demonstration by setting up an internet hotspot with his smartphone. Lenny connected with a second phone and a laptop, then turned the laptop into a proxy server connected to both phones. He opened the McDonald's app and entered a voucher code generated by David's programme. The next step was ordering the food for a total of €17. The bill on the app was transmitted to the laptop, which set all prices to zero through a programme created by Lenny, and sent the information back to the app. After tapping "Complete and pay 0.00 euros", we simply received our pick-up number. It had worked. The flaw was fixed late last year.