4.4.14

5-year-old Exposes Xbox One Security Flaw

It's not uncommon for kids to break things. It is, however, pretty special when what they break is the security of a hi-tech video game console.

Kristoffer Von Hassel from San Diego’s Ocean Beach neighborhood is the wunderkind who discovered a security loophole on the Xbox One, reports local news station KGTV.


It happened just after Christmas, when Kristoffer’s father Robert Davies walked in to find his five-year-old son not playing family fave Minecraft, but a more mature game that he wasn't supposed to be able to access as it was tied to his father’s account.

Like most kids who just got busted by dad, Kristoffer's first instinct was dread.

“I got nervous. I thought he was going to find out,” said Kristoffer.

But lucky for Kristoffer, dad happens to work in computer security. He asked his son how he managed to access dad’s Xbox account, so Kristoffer showed him. After entering the wrong password on his father's account, the Xbox defaulted to a password verification screen. Kristoffer simply typed in a bunch of space keys and hit ‘enter’, unwittingly opening up a back door that Microsoft had previously been unaware existed.

"How awesome is that!" said Davies. “Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”

Definitely cool, but surprising? Not really. Kristoffer, it turns out, has a history of finding back doors in technological gadgets. At the ripe old age of one, he got hold of his father's cell phone and bypassed the toddler lock screen by holding down the home key.

Microsoft has since issued a fix for the error, but not before publicly thanking the boy by listing him as an official security researcher on the company's website. He'll also receive four free games, $50 cash and a year-long subscription to Xbox Live. Not a bad haul for a few minutes work, though Kristoffer figured something much worse was going to happen when his dad reported the error to Microsoft.

"I thought someone was going to steal the Xbox," he said.

3 comments: