5yr old exposes serious Xbox One security flaw

A 5-year old boy is perhaps the youngest hacker to breach Microsoft‘s systems – and his parents (and the company) couldn’t be happier.

I got nervous. I thought [Dad] was going to find out.

Last December, Kristoffer Von Hassel worked out a way of logging into his father’s Xbox Live account to play games. His parents, who had set up the built-in passworded parental controls to prevent exactly that, were curious.

Xbox One

Xbox One

Kristoffer did not know his father’s password, so – when faced with the prompt – he consistently got it wrong. However, when the curious 5yr old was faced with a password verification screen, Kristoffer guessed again, and entered spaces into the password box.

This simple command opened a back door into the Xbox One, allowing Kristoffer to bypass the password controls and log in to his father’s account, playing all sorts of forbidden games.

Kristoffer’s dad Robert Davies – who works in computer security – was anything but angry:

How awesome is that! Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.

The bug was soon reported to Microsoft, who rewarded Kristoffer for his cheeky hacking efforts. He’s been given $50, four games and a year-long subscription to Xbox Live. The password hack has been fixed in a recent update, and Kristoffer’s name now appears in a list of Security Researchers.

In a statement, the company acknowledged:

We’re always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it.

When local media asked Kristoffer what he wanted to be when he grew up, his dad suggested a career in computer security. Kristoffer had something slightly different in mind: He wants to be a gamer.

Tags: , , , , , ,

Facebook Google+ Linkedin Pinterest Reddit Stumbleupon Tumblr N4G Twitter