5-year-old discovers Xbox vulnerability, officially thanked by Microsoft

4 Apr 2014

A five-year-old boy in the US has been officially acknowledged by Microsoft as a security researcher after he stumbled across a critical vulnerability in the software giant’s popular Xbox console.

San Diego, California-based Kristoffer Von Hassel found out a way of logging into his dad’s Xbox account by figuring out that entering the wrong password would bring up a second password verification screen.

According to local TV network KGTV, Kristoffer found that if he pressed the spacebar to fill up the password field the system would let him into the account.

His parents noticed he was logging into Xbox Live and playing games he wasn’t allowed to play.

Kristoffer’s dad, who incidentally works in IT security, asked him how he did it and when he saw how, he notified Microsoft.

Apparently, it’s not the first time Kristoffer figured out how to breeze past security. At the age of one he apparently got past the toddler lock screen on his dad’s mobile phone.

Kristoffer’s name now appears on an official Microsoft record set up to thank people who discovered security vulnerabilities on the company’s products.

The youngster will also receive four games and a year-long subscription to Xbox Live.

“We’re always listening to our customers and thank them for bringing issues to our attention,” Microsoft said in a statement.

“We take security seriously at Xbox and fixed the issue as soon as we learned about it.”

Microsoft is a Silicon Republic Featured Employer, comprised of top tech companies that are hiring now

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years