Microsoft’s Youngest Security Researcher Is A 5-Year-Old Kid Who Hacked Into Xbox

Whenever any hardware goes on sale, it is thoroughly tested at different levels. However, a 5-year-old boy found a major flaw in Microsoft’s Xbox security system, which was missed by biggies.

Cover image via

Recently, Microsoft received a tip about a security flaw uncovered by an unlikely source: a 5-year-old boy

5-year-old Kristoffer Von Hassel

Image via

Kristoffer Von Hassel, of California, had found a simple but clever way to hack into his father's Xbox Live account. The boy has the gaming world's attention after he exposed the security flaw.

His parents noticed shortly after Christmas that "he was playing games he wasn't supposed to be playing on an account that he shouldn't have been able to access"

Kristoffer playing games on Xbox

Image via

Kristoffer's parents noticed earlier this year that he was logged into his father's Xbox Live account and playing games he was not supposed to.

Kristoffer hadn't stolen his father's password. Instead, he stumbled upon a very basic vulnerability that allowed him to bypass password verification screen.

An excited Kristoffer, sharing his joy.

Image via

The ingenious tot was getting around his father's account password by first typing in a wrong password, then typing only space keys twice and hitting enter when shown a password verification screen, allowing him into the account.

The password allowed him to access not only the games but everything else on the Xbox, including a non-age-restricted YouTube account, his father, Robert Davies, said.

His father praised Kristoffer, saying that his 5-year-old son had no help in accessing his personal account

Despite some who insist that Kristoffer must have had help, Davies said his son indeed accessed the Xbox account on his own. Perhaps it was in his genes: Davies is a security engineer at the San Diego offices of ServiceNow, an enterprise IT cloud services company.

Later, Kristoffer and his father informed Microsoft about the flaw, which resulted in Microsoft not only fixing it immediately but also rewarding Kristoffer in style

An Xbox one console.

Image via

Davies, along with his son, reported the bug to Microsoft, which fixed it right away. For his discovery (or, more accurately, for reporting it with his father's help), Kristoffer will receive four games, $50 and a year's subscription to Xbox Live from Microsoft.

The company has even included Kristoffer's name on a list of security researchers who have helped make online Microsoft products safer.

Microsoft later released a statement, saying:

"We're always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it."

Dwelling on how easy it was for Kristoffer to find the backdoor, Techworm suggests the hole in the system's security may have been left over from developers and testers

Such kind of backdoors are kept at the testing stage to allow the developers and testers to save themselves time from logging in and out. Microsoft seems to have accidentally left open this backdoor entryway when launching the system.

Kristoffer, however, missed out on the USD10,000 bounty Microsoft pays hackers for finding security flaws in Windows software

Kristoffer, given chance, could well become a good hacker.

Image via

But if he plays his cards right, his hacking skills might get him a job someday. Some tech companies are known to hire hackers who can break through security. Facebook, for example, in 2011 hired the hacker responsible for jailbreaking both the iPhone and Playstation 3.

You may be interested in:

Leave a comment