xbox one
April 5, 2014

Five-Year-Old Prodigy Discovers Xbox Live Password Vulnerability

redOrbit Staff & Wire Reports - Your Universe Online

A five-year-old San Diego boy has been recognized by Microsoft for finding a way to access his father’s Xbox Live account without having to enter the correct password, various media outlets reported on Friday.

According to BBC News, Kristoffer Wilhelm von Hassel, who resides with his family in the Ocean Beach neighborhood of the California city, discovered that entering the wrong password into the log-in screen would bring up a second password verification prompt.

The child discovered that by simply pressing the space bar multiple times in order to fill up the password field and then hitting Enter, the Xbox One console would grant him access to his dad’s account. Kristoffer’s father Robert Davies, who works in the field of computer security, contacted Microsoft about the flaw, earning his son recognition by the company as a security contributor.

In an interview with local television station KGTV, Kristoffer said that he was “nervous” and that he was afraid his father was going to find out. Robert did eventually find out, but his reaction was not what you might expect – he said that his son’s discovery  was “awesome” and called it “pretty cool” that the five-year old found the vulnerability.

Of course, Robert noted that this was not the first time that Kristoffer had demonstrated his technical prowess. At the age of one, he reportedly was able to surpass a cell phone’s toddler lock screen by holding down on the home button. In all, he’s discovered these types of security flaws three or four times, according to Davies.

Microsoft has developed a fix for the password vulnerability, and in addition to thanking Kristoffer on their Security Researcher Acknowledgments webpage, they sent him four free Xbox One games, $50 and a year-long subscription to Xbox Live, according to the BBC.

“We're always listening to our customers and thank them for bringing issues to our attention,” the company said in a statement. “We take security seriously at Xbox and fixed the issue as soon as we learned about it.”