Spot The Bug challenge 2015 briefing
Securify received the following message:
We from the company Hugsoft have created special HugDrones® to satisfy our costumers’ needs. While the drones are still in their test-phase (blades cutting off fingers, etc), they already got hacked by a hacker named Lamius. Somehow Lamius retrieved the secret key for the user interface, and he's programming all drones to shout at people. Please help us!
You'll find the source code in the secure drop zone. Please perform an amazing code review so our system will never get hacked again! We'll give you a drone.
Sounds like a job for you? Find out how Lamius retrieved the secret key. Also, report any other bugs or design flaws you encounter in the source code. This is the only source file Hugsoft will disclose.
Want to stay informed about Spot The Bug challenges? Then subscribe to our mailing list by sending an email to firstname.lastname@example.org. You'll receive information about the status of current and future challenges.
Feedback or questions about this challenge can be directed to email@example.com.
The deadline for submitting reports is December 1st, 2015 12:00 AM UTC.