Five-Year-Old Boy Exposes Xbox Security Flaw

Five-Year-Old Boy Exposes Xbox Security Flaw

Meet Microsoft's newest security researcher: Kristoffer Von Hassel. He lives in San Diego. He loves video games. And he's five years old.

He's also a better hacker than any of us. Von Hassel cracked into his dad's Xbox One account by finding a backdoor in the password verification screen, as ABC 10 reports. He entered the wrong password, hit space a few times, and somehow found himself with access to a treasure trove of video games he wasn't supposed to play. Kids these days, am I right?

Von Hassel and his dad reported the issue to Microsoft, and the folks at Xbox not only fixed the issue, but added him to their acknowledgement list as an official Security Researcher. He also gets four free games, $US50 and a year-long subscription to Xbox Live.

Now let's all remember never to make this little guy mad.


Comments

    Why do I have the feeling this is like the security flaw in Win 98 and earlier where passwords (for file shares if I remember right) were only authenticated by their length and not their actual contents.

    Last edited 05/04/14 9:26 am

      Or that exploit using a printer that allows you to completely bypass the login password...

        Was thinking about the printer exploit, so easy to troll teachers back in the late 90's.

    Great start for his portfolio. At 5 Years old i found a backdoor into my dads Xbox Account.

      Awesome little dude, im glade he got free games :D

      good to see parents using the child locks too..even if the are broken lol

      Last edited 05/04/14 10:49 am

    imagine in 10yrs he's on the net going "pfft I've been hacking consoles since I was five" - true for the first time ever haha.

    LOL, if you follow through to the original video the kid says something about PVZ (that he's obviously playing) and the narrator just says "Sometimes they don't understand what he says".

    All the kid do was press buttons. There are many exploits like this left open with many programs and websites.
    If someone uses an account in a web-browser and it only saves the email what you can sometimes do is press enter then enter again when it fails and will log in. As like most exploits they are found by mistakes b ut the only reason this new report was done was due to the kids mum blabing

    Not really a surprise is it that a 5yo can defeat security on code written by those with the mind of 4yo for those with the mind of s 3yo to play.

    I'm actually surprised that kids aren't being used more to test these kinds of things (Yes, I know. Pesky child labour laws). As adults, we tend to lose a lot of the creativity we had as kids and become more prone to accepting things as they are, while kids are often better at thinking of all these ways of circumventing things or coming up with creative solutions to problems.

      Well, there's this, but on the other hand this isn't the result of some sort of creativity or thinking up a way to circumvent things, he was essentially just a monkey banging on a keyboard and got lucky

    Pfft. I know kids who build more than 30 iphones before lunch.

Join the discussion!