The Hacker News Logo
Subscribe to Newsletter

5-year-old Boy discovers Microsoft Xbox Password Bypass vulnerability

5-year-old Boy discovers Microsoft Xbox Password Bypass vulnerability
A 5-year-old San Diego boy managed to hack one of the most popular gaming systems in the world, Xbox and has now been acknowledged as a security researcher by Microsoft.

Kristoffer Von Hassel uncovered a vulnerability in Xbox Live's password system, that would allow someone to log into a Xbox player's account without their password. Kristoffer's parents noticed he was logging into his father's Xbox Live account simply by tapping the space bar.

YES, BACKDOOR ENTRY WITH JUST SPACE-BAR
His father noticed that Kristoffer logged in as his Xbox Live account to play video games that he wasn't meant to be playing and asked how he had done it. 

Kristoffer revealed that by typing in the wrong password and then by pressing the spacebar, he bypassed the password verification through a backdoor, and it was pretty simple!

HIS FEELING, "was like yeah!"
5-year-old gamer actually hacked the authentication system of a multi-billion dollar company, and his feeling "was like yeah!", Kristoffer said to local news station KGTV.
His father reported the vulnerability to Microsoft Security Team, and it has been fixed by them. Microsoft issued a statement, “We're always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it.

Microsoft awarded the junior security researcher with some cool games, $50 bugs, a one-year free subscription to Xbox Live and listed his name on their website among other security researchers.

I wish a bright Infosec career ahead of him. Cheers!

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.