German Hackers Hacked McDonald’s App Allowing Free Burgers and Chips

Three German IT Professionals and Ethical Hackers have manipulated the Fast Food Chain’s mobile application for ordering using vulnerabilities and loopholes which could generate free burgers, chips and drinks.

First Security Loophole—Survey Based Coupons

The researchers Lenny Bakkalian, Mats Tesch and David Albert researched about McDonald’s app and found a couple of vulnerabilities which could generate free coupons and orders at the house’s expense. According to the Vice they found the vulnerability in ordering system which allowed coupon generation based on survey.

McDonald’s Faces Backlash For Serving Halal Meat In India

The hackers found the serious security hole within the app in November, the reason for reaching these security holes was Albert’s research interest, he analyzed the survey website of the fast-food group with the highest turnover worldwide. Using a software program he developed himself he was able to automate the survey responses which gave him almost infinity coupons as a reward.

Read More : The 9 Best Apps For Your Mechanic Shop Technicians

The Researcher Was Able To Automate The Survey Using His Software Which Gave Him Unlimited Beverage Coupons As a Reward.

Second Security Loophole—Coupon Generator

The researchers were also able to find another security hole within the app, the voucher generator was also vulnerable, the hackers were able to generate illegal coupons right from the voucher generation system which could provide an unlimited number of burger orders. The hack was tested at the Hamburg branch with the consent of branch management. The hackers were able to generate 15 burger orders worth 106 Euros.

The Hackers Were Able To Generate 15 Burger Orders Using Coupon System Vulnerability

The researchers actually manipulated data packets via their own proxy server, the orders via McDonald’s app and final invoice amount was changed by the developers. The developers proved App vulnerabilities to the management which were closed later after two weeks.