FIVE-year-old finds Xbox Live password backdoor, hacks into dad’s account
A five-year-old has humbled Microsoft’s security team by finding and exploiting a password bug in his Xbox to log into his father’s Xbox Live account.
The parents of Kristoffer Von Hassel, from Ocean Beach in San Diego, California, noticed after Christmas that the talented tot had broken into the account without knowing the password – allowing him to cheekily play games for adults that he wasn’t supposed to touch.
The kid managed it by tapping in a wrong password at the console’s login prompt, navigating to a password verification screen, and filling the password box with space characters before hitting the submit button. After that, the door was open.
“I was like, ‘yea!’” Kristoffer told ABC News.
His father Robert Davies, who works as a computer security specialist, said the inquisitive infant has a record of doing this kind of thing. When Kristoffer was one year old, he defeated the toddler lock on his dad’s phone by holding the home key down to disable the lockout – but the Xbox hack is the kid’s best discovery to date, his father said.
“How awesome is that!” Davies said. “Just being five years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”
Davies got in touch with Redmond and the problem has been fixed, allowing the family to go public with the discovery. Kristoffer received four games for free from Microsoft in recompense, along with a year’s Xbox Live subscription and $50 (about 30 quid), as well as a mention on the company’s vulnerabilities shoutout web page.
“We’re always listening to our customers and thank them for bringing issues to our attention,” a Microsoft spokesperson told El Reg. “We take security seriously at Xbox and fixed the issue as soon as we learned about it.” ®