
Xbox One Security Flaw Uncovered by Five-Year-Old Boy

Source: KGTV

You have to wonder how this bug got past QA.

San Diego news station KGTV reports that 5-year-old Kristoffer Von Hassel found a way to hack into his father's Xbox One account and play games he wasn't supposed to be playing. He was later rewarded with money and new games.

According to the report, Kristoffer's parents began to notice he was logging into his father's account right after Christmas. Eventually, the boy's father, computer security researcher Robert Davies, asked how he managed to hack the account.

Kristoffer revealed that all he had to do was type in the wrong password for his father's account at the login screen. The console then displayed a second password verification screen where he entered nothing but spaces and hit enter. Voila! He had access to his father's account… just like that.

"How awesome is that!" Davies told the news channel. "Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool."

Robert Davies reported the bug to Microsoft on behalf of his son. In turn, Microsoft acknowledged Kristoffer among a list of security researchers that have helped make the Windows platform a safer place to play and work.

"We're always listening to our customers and thank them for bringing issues to our attention," Microsoft told the news channel. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."

In addition to the acknowledgement, Microsoft is also giving the boy a year-long subscription to Xbox Live, $50 USD, and four games. Meanwhile, Microsoft reports that the vulnerability has been resolved.

Was Microsoft a bit careless with this security flaw? After all, Kristoffer only had to hit the spacebar a few times in order to access a forbidden account. What if it wasn't a 5-year-old boy, but a thief looking for additional personal information?

Discuss
  • 5
    de5_Roy , April 7, 2014 7:54 AM
    this may be the answer to "are you smarter than a 5 year old?" asked to microsoft. :lol: 
  • 3
    stevenrix , April 7, 2014 8:07 AM
    In my years of QA testing I would say it was designed to work just like that.
  • 7
    rwinches , April 7, 2014 8:22 AM
    Yeah, it was a Developer's shortcut that wasn't removed before release. Still QA should have caught it.
    I am always surprised when QA tech only test SW the 'proper' way and don't try to break it. So often they miss errors that way.

    I remember when my cousin figured how to 'fix' his Duke Nukem. Of course his mom didn't appreciate him telling a waitress he was 'gonna kick her ass all the way to Burger King'
  • 0
    ubercake , April 7, 2014 9:18 AM
    Hmmm... Pretty suspicious....
    If the security expert finds the flaw, no one gets famous. But if he says his 5 year-old son found the issue, he's on the news, junior's on the news and they have their 15 minutes of fame at the same time.
  • -2
    masmotors , April 7, 2014 10:46 AM
    the father found it out and is saying his bugger nose kid found it bs
  • 1
    Gam3r01 , April 7, 2014 4:07 PM
    I would have asked for more than 50 bucks and some games for that :D 
  • 1
    leeb2013 , April 7, 2014 5:24 PM
    Quote:
    Hmmm... Pretty suspicious....
    If the security expert finds the flaw, no one gets famous. But if he says his 5 year-old son found the issue, he's on the news, junior's on the news and they have their 15 minutes of fame at the same time.


    I totally agree, does anyone else have a 5 year old who would be able to type that specific combination into an XBone to allow them to play other restricted games? His father is a security expert and there's no chance that he could have spotted this flaw?
  • 2
    Karadjgne , April 7, 2014 5:39 PM
    My girl when she was 5 years old knew the meanings of words like exponential, adolescent, obstetrician, yet had problems spelling cat. My boy at 5 taught himself to read by watching me play Starsiege. I find it simply amazing what kids that age are able to grasp, yet get frustrated when they stumble over the simplest stuff.

    Maybe dad is the gamer, and the kid has watched him punch in enough cheat codes... So tried to copy dad, and hit the jackpot code by mistake. Stranger things have happened.
  • -1
    ubercake , April 8, 2014 3:54 AM
    Quote:
    My girl when she was 5 years old knew the meanings of words like exponential, adolescent, obstetrician, yet had problems spelling cat. My boy at 5 taught himself to read by watching me play Starsiege. I find it simply amazing what kids that age are able to grasp, yet get frustrated when they stumble over the simplest stuff.

    Maybe dad is the gamer, and the kid has watched him punch in enough cheat codes... So tried to copy dad, and hit the jackpot code by mistake. Stranger things have happened.


    That is true, but my money's still on the fact that '5-year-old discovers security flaw' is going to get way more attention than 'Security expert finds security flaw'.
  • 3
    quantum mask , April 8, 2014 6:03 AM
    50 bucks? . . . That's it?
  • 1
    Benevolence , April 8, 2014 10:10 AM
    Sounds like five year old logic to me. How many young kids back in the days of early satellite tv figured out you can watch the naked channels by holding down a specific button combination on the receiver?
  • 0
    expl0itfinder , April 8, 2014 11:41 AM
    I must ask, why was my comment, out of all the comments on this website, deleted?
  • 1
    Karadjgne , April 8, 2014 3:09 PM
    Quote:
    Sounds like five year old logic to me. How many young kids back in the days of early satellite tv figured out you can watch the naked channels by holding down a specific button combination on the receiver?


    (holds up hand) (whistles) (looks in a totally different direction)
