5-year-old hacks Xbox, becomes Microsoft 'security researcher'

The boy got in via a glitch in the password verification screen

A 5-year-old San Diego boy has been commended by Microsoft for his security skills after finding a vulnerability in the company's Xbox games console.

Kristoffer Von Hasssel's parents noticed earlier this year that he was logged into his father's Xbox Live account and playing games he was not supposed to.

He hadn't stolen his father's password. Instead, he stumbled upon a very basic vulnerability that Microsoft is said to have now fixed.

After typing an incorrect password, Kristoffer was taken to a password verification screen. There, he simply tapped the space bar a few times, hit "enter" and was let into his father's account.

The password allowed him to access not only the games but everything else on the Xbox, including a non-age-restricted YouTube account, his father, Robert Davies, said by telephone Friday.

"I was like, 'Wow, that's so cool,'" Davies said.

Despite some who insist that Kristoffer must have had help, Davies said his son indeed accessed the Xbox account on his own.

Perhaps it was in his genes: Davies is a security engineer at the San Diego offices of ServiceNow, an enterprise IT cloud services company.

Davies reported the bug to Microsoft, which fixed it right away.

Kristoffer's name is now listed among Microsoft's March list of security researchers who have disclosed vulnerabilities in its products.

"We're always listening to our customers and thank them for bringing issues to our attention," Microsoft was quoted as saying in the report.

Kristoffer received a reward of US$50, a year's subscription to Xbox Live and four games, his father said.

That's a bit less than some other bug finders receive. Microsoft launched several new bounty programs of its own last year, including one that pays up to $100,000 for "truly novel exploitation techniques."

The story was first reported by an ABC News affiliate.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesGame platformssecurityMicrosoftgamesdata breachonline servicesdata protectioninternetgame software

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Zach Miners

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?