Top

5-year-old is Microsoft’s security researcher

5-year-old bypassed his fathers Xbox Live account, highlighted vulnerability

Microsoft has recognized a 5-year-old San Diego boy for his security skills after he managed to get into his fathers Xbox account due to vulnerability in Microsoft’s gaming console.

ComputerWorld reported that the kid did not steal his father’s password, but managed to bypass it because of a glitch in the game console from Microsoft. He did not know the exact password, but stumbled upon a glitch, which allowed him through. Microsoft has now patched the glitch.

Kristoffer Von Hasssel's parents noticed that he managed to log into his father's Xbox Live account started playing games he was not supposed to and also everything else he was restricted to see.

He typed an incorrect password, after which; the Xbox took him to a password verification screen. He then simply tapped the space bar three times and hit the enter key which took him straight to the restricted account. His father, Robert Davies, who is a security engineer with Microsoft, immediately reported the glitch and had it fixed.

The kid’s name is now listed amongst Microsoft’s March list of security researchers who have disclosed vulnerabilities in its products.

Kristoffer received a reward of US$50, a year's subscription to Xbox Live and four games from Microsoft.

That's a bit less than some other bug finders receive. Microsoft launched several new bounty programs of its own last year, including one that pays up to $100,000 for "truly novel exploitation techniques."

The story was first reported by an ABC News affiliate.

Image credit: CNNMoney

Next Story