Xbox password flaw exposed by five-year-old boy

"Microsoft came up with a fix, even acknowledged Kristoffer on its website as a security researcher", reports Michael Chen for KGTV, ABC News

Related Stories

A five-year-old boy who worked out a security vulnerability on Microsoft's Xbox Live service has been officially thanked by the company.

Kristoffer Von Hassel, from San Diego, figured out how to log in to his dad's account without the right password.

Microsoft has fixed the flaw, and added Kristoffer to its list of recognised security researchers.

In an interview with local news station KGTV, Kristoffer said: "I was like yea!"

The boy worked out that entering the wrong password into the log-in screen would bring up a second password verification screen.

Kristoffer discovered that if he simply pressed the space bar to fill up the password field, the system would let him in to his dad's account.

"I got nervous. I thought he was going to find out," Kristoffer told television station, KGTV.

"I thought someone was going to steal the Xbox."

Free games

Dad Robert - who works in security - sent details of the flaw to Microsoft.

In a statement, the company said: "We're always listening to our customers and thank them for bringing issues to our attention.

"We take security seriously at Xbox and fixed the issue as soon as we learned about it."

Kristoffer's name now appears on a page set up to thank people who have discovered problems with Microsoft products.

The company also gave him four free games, $50 (£30), and a year-long subscription to Xbox Live.

More on This Story

Related Stories

More Technology stories

RSS

Features & Analysis

BBC Future

(Getty Images)

Interactive: How planes crash

Shedding light on air disasters Read more...

Programmes

  • A factory in JapanThe Travel Show Watch

    Factory infatuation – why Japan’s industrial compounds are drawing large crowds at night

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.