An Xbox password flaw has been revealed by 5-year-old gamer Kristoffer Von Hassel, who exposed an Xbox system loophole that could allow a user to log into another player’s profile absent using the required password.
How did the Ocean Beach, Calif. youngster discover the back-door error? He was logged into his dad’s account, blasting away on some blood and guts games that were age restrictive.
Explains USA Today:
The flaw was discovered after Kristoffer's father found out he had been playing inappropriate video games on the Xbox One. When his dad, Robert Davies, asked him how he accessed the console, Kristoffer showed him the exploit.
Here's how it worked: After typing an incorrect password, the console jumped to a password verification screen. After typing the space keys a few times then hitting enter, Kristoffer was able to access his father's Xbox Live account.
Ironically, Davies works in the computer security field. Perhaps that’s why he didn’t seem upset by the fact Kristoffer was playing adult games.
“How awesome is that!” Davies said of his initial reaction. “Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”
The flaw was elevated to Microsoft, who released a statement: “We're always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it."
According to USA Today, Microsoft also honored Kristoffer as a security researcher on their website, and sent him a gift package with four games, $50 and a year-long subscription to Xbox Live from Microsoft.