Five-Year-Old Figured Out Xbox Security Flaw
A five-year-old boy found a gap in Xbox Live security and has been rewarded by Microsoft for his part in fixing the flaw. When Kristoffer Von Hassel’s parents found he was managing to sneak into his father’s account to access games he wasn’t supposed to, they questioned how he was doing it. It turned out that, instead of inputting the correct password, he was filling the entry form with spaces. This was enough to allow him access.
“How awesome is that!” dad Robert said when asked later. “Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”
The pair of them reported the problem to Microsoft, who fixed the vulnerability and reportedly rewarded Kristoffer with a year of Xbox Live, some games and $50. They also issued a statement:
We’re always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it.
There seem to be a few big holes in this story, mostly because it comes from non-tech sites. Firstly, entering spaces did not work on the first password screen, only on a secondary screen that appeared after he’d already got his dad’s password wrong once. Secondly, under what circumstances were they playing? Was this trick only possible when the console was offline? Were there sub-accounts involved? It seems hilariously bad, but without the right information, it’s difficult to know just what went on.