Xbox security flaw discovered by five-year-old child

Kristoffer Von Hassel managed to log into his fathers account without the right password

Heather Saul
Saturday 05 April 2014 17:27
Comments

A five-year-old child has been praised by Microsoft after discovering a flaw in the security system of their Xbox Live service that allowed him to hack into his father's account without needing a password.

Kristoffer Von Hassel managed to log in to his father's Xbox Live account. When the password log-in screen appeared, he simply pressed the space button a few times and hit enter.

In doing so he managed to enter the system through a back door without needing to enter a password.

"I got nervous. I thought he was going to find out," Kristoffer told television station KGTV.

"I thought someone was going to steal the Xbox."

His father Robert Davies, who works in security in San Diego, said he had noticed his son playing games he supposedly couldn't access.

Mr Davies said he reported the issue to Microsoft, which fixed the bug and listed Kristoffer on its website as a "security researcher."

Microsoft has since fixed the flaw and added Kristoffer to a list of recognised security researchers.

A Microsoft statement says "we take security seriously" and thanks customers for highlighting issues.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in