How a 5-Year-Old Discovered Xbox Security Flaw
Microsoft received a big assist discovering a security flaw on its Xbox One from an unlikely source: a five-year-old boy.San Diego television station KGTV reports five-year-old Kristoffer Von Hassel uncovered a flaw that would allow someone to log into a player’s profile without their password.
The flaw was discovered after Kristoffer’s father found out he had been playing inappropriate video games on the Xbox One. When his dad, Robert Davies, asked him how he accessed the console, Kristoffer showed him the exploit.
Here’s how it worked: After typing an incorrect password, the console jumped to a password verification screen. After typing the space keys a few times then hitting enter, Kristoffer was able to access his father’s Xbox Live account.
“Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool,” Davies tells KGTV.
They reported the bug to Microsoft, and have since fixed the flaw, the company tells KGTV in a statement. They also honored Kristoffer as a security researcher on their website, and sent a gift package including free games and a one-year Xbox Live subscription.