A 5-year-old California boy hacked his father's Xbox Live account
Kristoffer Von Hassel was playing games he wasn't supposed to play
Microsoft has fixed the exploit and credited Kristoffer
Dad: "I thought that was pretty cool"
Hacking your Xbox: So easy, even a 5-year-old could do it?
A San Diego boy has the gaming world’s attention after he exposed a security flaw that let him log into his dad’s Xbox Live account, without permission, on the family’s Xbox One console.
“I was like … yeah!” young Kristoffer Von Hassel said to KGTV-10, a CNN affiliate.
Kristoffer’s father, Robert Davies, noticed soon after Christmas that his son was logging into his account and playing games that weren’t appropriate for his age. When he asked how, Kristoffer showed him a hack that seems simple in retrospect but is fairly impressive considering a 5-year-old found it.
Kristoffer would go to his dad’s account and type in an incorrect password. That would take him to a password verifications screen, where he would simply tap the space bar repeatedly and then press “enter.”
“How awesome is that?” asked Davies, who works in online security himself. “Just being 5 years old and being able to find a vulnerability and latch on to that. I thought that was pretty cool.”
He told KGTV that Kristoffer has figured out three or four other “hacks,” including getting past the lock on a smartphone by holding down the “home” key for long enough.
Dad reported the vulnerability to Microsoft. And Microsoft acted, issuing a fix for the vulnerability.
“We’re always listening to our customers and thank them for bringing issues to our attention,” the company said in a written statement. “We take security seriously at Xbox and fixed the issue as soon as we learned about it.”
The company has even included Kristoffer’s name on a list of security researchers who have helped make online Microsoft products safer.
For his discovery (or, more accurately, for reporting it with his father’s help), Kristoffer will receive four games, $50 and a year’s subscription to Xbox Live from Microsoft.
Whether a career in computer security awaits remains to be seen.