Password Flaw on Xbox Exposed by Child

Share on StockTwits

A San Diego, California five-year old boy has discovered a password flaw in the new Xbox. Kristoffer Von Hassel was given a mention in the security acknowledgements by Microsoft for March after he discovered a security glitch later acknowledged by Microsoft.

Von Hassel was able to find a backdoor into Xbox One Live by Microsoft, which alerted the software giant to a major glitch in security.

If it had not been for the parents of Kristoffer noticing he logged in to his father’s account on Xbox Live the glitch would not have been detected. The five-year old was able to log on and play games on his father’s account that he was not supposed to play.

Five-year old Kristoffer said he became nervous thinking his father was going to find out about what he had done.

Kristoffer showed Robert Davies, his father, how he had logged into his account. After he typed in a password that was wrong, Kristoffer was then sent to a page for password verification.

On that page, by typing a number of space keys and then pushing the enter key, Kristoffer would log in, finding a way into the most talked about consoles in video gaming over the last few months, through the backdoor.

At first, Davies said his reaction had been happiness. Thinking it was awesome that a five year old could do something like that finding a vulnerability and being able to take advantage of the system. Davies called it quite cool at the time.

Davies works in the field of computer security. He said this was not the first time his son was able to hack into a tech device. When his son was just 1 year of age, he was able to skirt past the lock screen for children on his father’s cell phone by just pushing down on the menu key.

Kristoffer, besides the mention in the security acknowledgements released by Microsoft, was given four games by the software giant, $50 and a subscription for one year to Xbox Live.