Feeds

Five-year-old discovers Xbox password bug, hacks dad's Live account

Boy, they're starting young these days

Secure remote control for conventional and virtual desktops

A five-year-old boy has found and exploited a password flaw in his Xbox to hack into his father's Xbox Live account.

Still of Kristoffer playing on the Xbox

Look out, Mitnick ... Kristoffer Von Hassel on his Xbox (Credit: ABC 10 / KGTV)

The parents of Kristoffer Von Hassel, from Ocean Beach in San Diego, California, noticed after Christmas that the talented tot had broken into the account without knowing the password – allowing him to cheekily play games for adults that he wasn't supposed to touch.

The kid managed it by tapping in a wrong password at the console's login prompt, navigating to a password verification screen, and filling the password box with space characters before hitting the submit button. After that, the door was open.

“I was like, 'yea!'” Kristoffer told ABC News.

His father Robert Davies, who works as a computer security specialist, said the inquisitive infant has a record of doing this kind of thing. When Kristoffer was one year old, he defeated the toddler lock on his dad's phone by holding the home key down to disable the lockout – but the Xbox hack is the kid's best discovery to date, his father said.

"How awesome is that!" Davies said. “Just being five years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”

Davies got in touch with Redmond and the problem has been fixed, allowing the family to go public with the discovery. Kristoffer received four games for free from Microsoft in recompense, along with a year's Xbox Live subscription and $50 (about 30 quid), as well as a mention on the company's vulnerabilities shoutout web page.

"We're always listening to our customers and thank them for bringing issues to our attention," a Microsoft spokesperson told El Reg. "We take security seriously at Xbox and fixed the issue as soon as we learned about it." ®

New hybrid storage solutions

More from The Register

next story
Half a BILLION in the making: Bungie's Destiny reviewed
It feels very familiar - but it's still good
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Get your Indian Landfill Android One handsets - they're only SIXTY QUID
Cheap and deafening mobes for the subcontinental masses
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
DARPA-backed jetpack prototype built to make soldiers run faster
4 Minute Mile project hatched to speed up tired troops
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.