Hacking your Xbox: So easy, even a 5-year-old could do it?
A San Diego boy has the gaming world's attention after he exposed a security flaw that let him log into his dad's Xbox Live account, without permission, on the family's Xbox One console.
"I was like ... yeah!" young Kristoffer Von Hassel said to KGTV-10, a CNN affiliate.
Kristoffer's father, Robert Davies, noticed soon after Christmas that his son was logging into his account and playing games that weren't appropriate for his age. When he asked how, Kristoffer showed him a hack that seems simple in retrospect but is fairly impressive considering a 5-year-old found it.
Kristoffer would go to his dad's account and type in an incorrect password. That would take him to a password verifications screen, where he would simply tap the space bar repeatedly and then press "enter."
"How awesome is that?" asked Davies, who works in online security himself. "Just being 5 years old and being able to find a vulnerability and latch on to that. I thought that was pretty cool."
He told KGTV that Kristoffer has figured out three or four other "hacks," including getting past the lock on a smartphone by holding down the "home" key for long enough.
Dad reported the vulnerability to Microsoft. And Microsoft acted, issuing a fix for the vulnerability.
"We're always listening to our customers and thank them for bringing issues to our attention," the company said in a written statement. "We take security seriously at Xbox and fixed the issue as soon as we learned about it."
The company has even included Kristoffer's name on a list of security researchers who have helped make online Microsoft products safer.
For his discovery (or, more accurately, for reporting it with his father's help), Kristoffer will receive four games, $50 and a year's subscription to Xbox Live from Microsoft.
Whether a career in computer security awaits remains to be seen.
Latest Stories
-
Hindsight: Dear GFA, where is the DNA?
35 mins -
Mass wedding for Nigeria orphans sparks outcry
53 mins -
US troops to leave Niger by mid-September
1 hour -
DR Congo army says it has thwarted attempted coup
2 hours -
GPL 2023/24: Aduana beat Hearts to go third; Samartex close in on title
3 hours -
Tipper truck crushes one to death at Kasoa
3 hours -
Baba Rahman wins Greece Super League title with PAOK
3 hours -
Demolition orders should be part of court’s inherent power – Lawyer
4 hours -
British company duped off £20m with an AI-generated video of its CFO
4 hours -
Kissi Agyebeng deserves applause for blowing whistle on money laundering – Kpebu
4 hours -
Diddy apologises after video shows attack on ex-girlfriend
4 hours -
Israel-Hamas war: Ghana calls for unconditional release of hostages
4 hours -
Presidency mourns deceased driver in Akufo-Addo convoy accident
5 hours -
Playback: The Probe discussed EOCO’s mishandling of Cecelia Dapaah case
6 hours -
There’s no need to seek additional demolition permit from Supreme Court – Lawyer
6 hours