Microsoft’s Youngest Security Researcher Is A 5-Year-Old Kid Who Hacked Into Xbox
Whenever any hardware goes on sale, it is thoroughly tested at different levels. However, a 5-year-old boy found a major flaw in Microsoft’s Xbox security system, which was missed by biggies.
By Sadho Ram — 08 Apr 2014, 06:42 AM — Updated over 10 years ago
Recently, Microsoft received a tip about a security flaw uncovered by an unlikely source: a 5-year-old boy
Kristoffer Von Hassel, of California, had found a simple but clever way to hack into his father's Xbox Live account. The boy has the gaming world's attention after he exposed the security flaw.
computerworld.comHis parents noticed shortly after Christmas that "he was playing games he wasn't supposed to be playing on an account that he shouldn't have been able to access"
Kristoffer's parents noticed earlier this year that he was logged into his father's Xbox Live account and playing games he was not supposed to.
cnn.comKristoffer hadn't stolen his father's password. Instead, he stumbled upon a very basic vulnerability that allowed him to bypass password verification screen.
The ingenious tot was getting around his father's account password by first typing in a wrong password, then typing only space keys twice and hitting enter when shown a password verification screen, allowing him into the account.
The password allowed him to access not only the games but everything else on the Xbox, including a non-age-restricted YouTube account, his father, Robert Davies, said.
His father praised Kristoffer, saying that his 5-year-old son had no help in accessing his personal account
Despite some who insist that Kristoffer must have had help, Davies said his son indeed accessed the Xbox account on his own. Perhaps it was in his genes: Davies is a security engineer at the San Diego offices of ServiceNow, an enterprise IT cloud services company.
techtimes.com
Later, Kristoffer and his father informed Microsoft about the flaw, which resulted in Microsoft not only fixing it immediately but also rewarding Kristoffer in style
Davies, along with his son, reported the bug to Microsoft, which fixed it right away. For his discovery (or, more accurately, for reporting it with his father's help), Kristoffer will receive four games, $50 and a year's subscription to Xbox Live from Microsoft.
cnn.comThe company has even included Kristoffer's name on a list of security researchers who have helped make online Microsoft products safer.
computerworld.comMicrosoft later released a statement, saying:
"We're always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it."
Dwelling on how easy it was for Kristoffer to find the backdoor, Techworm suggests the hole in the system's security may have been left over from developers and testers
Such kind of backdoors are kept at the testing stage to allow the developers and testers to save themselves time from logging in and out. Microsoft seems to have accidentally left open this backdoor entryway when launching the system.
Kristoffer, however, missed out on the USD10,000 bounty Microsoft pays hackers for finding security flaws in Windows software
But if he plays his cards right, his hacking skills might get him a job someday. Some tech companies are known to hire hackers who can break through security. Facebook, for example, in 2011 hired the hacker responsible for jailbreaking both the iPhone and Playstation 3.