A 5-year-old California boy accidentally discovered a major back-door access security flaw into user accounts on Microsoft’s new Xbox One video game platform.
Shortly after the launch of the system around last year’s holiday season, Kristoffer Von Hassel of Ocean Beach began surprising his parents by logging into his father’s Xbox Live account to access games he was forbidden from playing.
“I was like, yeah!” Kristoffer, who wants to be a “gamer” when he grows up, told a local ABC news station.
Shortly after, father Robert Davies shot a video asking his how he did it, which showed Kristoffer entering an incorrect password into his father’s account, and transferring to a password verification page. After entering a series of space keys and pressing enter, the boy was able to successfully log in.
“How awesome is that!” Davies, who works in computer security, said. “Just being 5-years-old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”
According to his father, this is the third or fourth time Kristoffer has found a way through security vulnerabilities.
After reporting the bug to Microsoft, the company patched the security hole and publicly acknowledged the boy on Microsoft’s website, which maintains a running list of security researchers responsible for finding and reporting security vulnerabilities in Microsoft products.
“We’re always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it,” Microsoft said in a statement.
In thanks for his major discovery, Microsoft is giving Kristoffer four free games, $50, and a free year-long subscription to Xbox Live.