Five year old discovers major Xbox Live security flaw

By  | 

Kristoffer Von Hassel, from San Diego, a five year old little boy has uncovered an Xbox One password security flaw while trying to hack into his father’s Xbox Live account.

Kristoffer has made it to the Microsoft’s list of “security researchers,” who “helped make Microsoft online services safer by finding and reporting security vulnerabilities.”

Kristoffer in an interview with ABC News, said:

I was like yea!
I got nervous. I thought he was going to find out.
I thought someone was going to steal the Xbox.

The kid’s father Robert Davies, who works as a computer security specialist, had put a password on his Xbox Live account so that the 5-year-old kid could not access it when he wasn’t around.

Kristoffer, however, while trying to access his father’s account eventually gained access to it without knowing the right password.

Kristoffer did not succeed in his first attempt, but entering a wrong password pulled up a second verification screen. This time Kristoffer discovered that by simply pressing the space bar to fill up the password field and hitting enter, he was able to access his father’s Xbox Live account.

“How awesome is that?” asked Davies, who works in online security himself. “Just being 5 years old and being able to find a vulnerability and latch on to that. I thought that was pretty cool.”

Microsoft, with the report of vulnerability from Davies, quickly solved the issue. The company also decided to reward the child with the title of “security researcher” on their website as well as 4 games, £30 ($50), and a year-long subscription to Xbox Live.

Kristoffer’s name has also been included on a page that honors those who have discovered issues related with Microsoft products.

The company in a statement said “We’re always listening to our customers and thank them for bringing issues to our attention.”

“We take security seriously at Xbox and fixed the issue as soon as we learned about it.”