Five-Year Old Boy Exposes Xbox One Security Flaw

Xbox One console

Kristoffer Von Hassel, of San Diego, just had to enter in a wrong password and then a series of empty spaces to find a backdoor into his dad’s Xbox profile.

Ah, to be five years old again. Life was simpler then, only worrying about kindergarten, Saturday morning cartoons and regularly breaching security systems on high-end electronics.

At least, that’s the case for Kristoffer Von Hassel, who found a backdoor into his dad’s Xbox One account that let him completely bypass parental controls. It was around Christmas that his parents noticed he was logging onto Xbox Live and playing games he wasn’t supposed to have access to.

When asked by his dad how he did it, Kristoffer excitedly showed him that if he input an incorrect answer into the Xbox One’s password screen it would take him to a second password verification screen. Once there, all Kristoffer had to do was input a series of blank spaces and he had full control of the console.

“I was like yea!” the boy told local news station ABC 10 News.

Kristoffer said he was nervous at first, afraid his parents would find out about his youthful hacking. His dad, who works in computer security, was anything but mad about his son’s discovery. “How awesome is that!” father Robert Davies told ABC 10. “Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”

Kristoffer’s family brought the bug’s attention to Microsoft, which has since fixed the problem and actually gave Kristoffer a credit on their website as a security researcher. “We’re always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it,” said Microsoft in a statement to ABC 10. They even gave Kristoffer several free games, a year’s subscription to Xbox Live and $50.

While its an impressive feat for any child, Kristoffer’s hacking experience apparently started much earlier. His father recounts that when he was only one, Kristoffer learned that he could bypass the toddler lock on a cell phone by holding down the home key.

Source: ABC 10 News

About the author