Feeds

Five-year-old discovers Xbox password bug, hacks dad's Live account

Boy, they're starting young these days

Build a business case: developing custom apps

A five-year-old boy has found and exploited a password flaw in his Xbox to hack into his father's Xbox Live account.

Still of Kristoffer playing on the Xbox

Look out, Mitnick ... Kristoffer Von Hassel on his Xbox (Credit: ABC 10 / KGTV)

The parents of Kristoffer Von Hassel, from Ocean Beach in San Diego, California, noticed after Christmas that the talented tot had broken into the account without knowing the password – allowing him to cheekily play games for adults that he wasn't supposed to touch.

The kid managed it by tapping in a wrong password at the console's login prompt, navigating to a password verification screen, and filling the password box with space characters before hitting the submit button. After that, the door was open.

“I was like, 'yea!'” Kristoffer told ABC News.

His father Robert Davies, who works as a computer security specialist, said the inquisitive infant has a record of doing this kind of thing. When Kristoffer was one year old, he defeated the toddler lock on his dad's phone by holding the home key down to disable the lockout – but the Xbox hack is the kid's best discovery to date, his father said.

"How awesome is that!" Davies said. “Just being five years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”

Davies got in touch with Redmond and the problem has been fixed, allowing the family to go public with the discovery. Kristoffer received four games for free from Microsoft in recompense, along with a year's Xbox Live subscription and $50 (about 30 quid), as well as a mention on the company's vulnerabilities shoutout web page.

"We're always listening to our customers and thank them for bringing issues to our attention," a Microsoft spokesperson told El Reg. "We take security seriously at Xbox and fixed the issue as soon as we learned about it." ®

Build a business case: developing custom apps

More from The Register

next story
Kate Bush: Don't make me HAVE CONTACT with your iPHONE
Can't face sea of wobbling fondle implements. What happened to lighters, eh?
The agony and ecstasy of SteamOS: WHERE ARE MY GAMES?
And yes it does need a fat HDD (or SSD, it's cool with either)
Apple takes blade to 13-inch MacBook Pro with Retina display
Shaves price, not screen on mid-2014 model
iPhone 6 flip tip slips in Aussie's clip: Apple's 'reversible USB' leaks
New plug not compatible with official Type-C, according to fresh rumors
Steve Jobs had BETTER BALLS than Atari, says Apple mouse designer
Xerox? Pff, not even in the same league as His Jobsiness
TV transport tech, part 1: From server to sofa at the touch of a button
You won't believe how much goes into today's telly tech
Apple analyst: fruity firm set to shift 75 million iPhones
We'll have some of whatever he's having please
Apple to build WORLD'S BIGGEST iStore in Dubai
It's not the size of your shiny-shiny...
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.