5-year old exposes Xbox vulunerability; appointed Microsoft security researcher
05 Apr 2014
Microsoft has commended a San Diego boy for his security skills after the 5-year old identified a vulnerability in the company's Xbox games console.
Kristoffer Von Hasssel's parents found him playing games logged into his father's Xbox Live account, which he was not supposed to.
He had not stolen his father's password, rather he stumbled upon a very basic vulnerability that Microsoft has now fixed.
After trying to log in with an incorrect password, Kristoffer was taken to a password verification screen, where he simply tapped on the space bar a few times and on hitting "enter" he was able to access his father's account.
With the password he could access not only the games but everything that Xbox had to offer including a non-age-restricted YouTube account, according to his father, Robert Davies.
According to Davies, his son accessed the Xbox account on his own but some people believe Kristoffer must have had help.
Davies himself is a security engineer at ServiceNow, a San Diego, IT cloud services firm.
Kristoffer's name now figures in Microsoft's March list of security researchers who had disclosed vulnerabilities in the company's products.
Microsoft rewarded Kristoffer $50, a year's subscription to Xbox Live and four games, according to his father.
"We take security seriously at Xbox and fixed the issue as soon as we learned about it, " Microsoft said.
