Five-year-old Kristoffer von Hassel did something no other adult or legion of Developers could. The boy cracked the Xbox One’s “secure” log-in for his father’s account, giving him access to all of dad’s games, as well as giving him the option to make purchases. Dad, by the way, works in “computer security” as well.
Dad’s reaction? “How awesome is that? Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.” Kristofer was equally exited by his find, saying “I was like ‘yea!'” before realizing the err of his ways. “I got nervous. I thought he was going to find out” Kristofer said of his father. Nothing to worry about, kid, dad isn’t even mad — he’s impressed.
Father and Son reported the find to Microsoft, who noted Kristopher in their March security acknowledgements. His name doesn’t link to a corresponding twitter account or anything, because, you know — he’s five. As a result, Kristopher (or maybe dad?) will get four free Xbox games, fifty bucks, and a free year’s subscription to Xbox Live.
So how did he do it? The flaw, which has already been patched, was found when Kristopher entered the wrong password on dad’s account, which took him to an alternate verification screen. Once Kristopher filled the password area with spaces, he was in like Flynn. When asked what he thought would happen when the flaw was reported, Kristopher said “I thought someone was going to steal the Xbox”. Adorable.