Spot The Bug challenge 2015 briefing


Securify received the following message:

*We from the company Hugsoft have created special HugDrones® to satisfy our costumers’ needs. While the drones are still in their test-phase (blades cutting off fingers, etc), they already got hacked by a hacker named Lamius. Somehow Lamius retrieved the secret key for the user interface, and he's programming all drones to shout at people. Please help us!

You'll find the source code in the secure drop zone. Please perform an amazing code review so our system will never get hacked again! We'll give you a drone.*

Sounds like a job for you? Find out how Lamius retrieved the secret key. Also, report any other bugs or design flaws you encounter in the source code . This is the only source file Hugsoft will disclose.

Submit your report to The best code review will win a Parrot AR. Drone 2.0 Elite Edition! The winner and a contest analysis will be published on this blog after the contest.

Happy hacking!

Additional information

Want to stay informed about Spot The Bug challenges? Then subscribe to our mailing list by sending an email to You'll receive information about the status of current and future challenges.

Feedback or questions about this challenge can be directed to

The deadline for submitting reports is December 1st, 2015 12:00 AM UTC.

Questions or feedback?