Kristoffer Von Hassel, a five-year-old Californian boy, revealed a glitch in Microsoft’s Xbox gaming system. Kristoffer’s parents noticed that their son was playing age-restricted games on his father’s account, without knowing or stealing the password. The boy’s father, Robert Davis, confronted Kristoffer to find out how the five-year-old was able to log on to the account.
“I got nervous. I thought he was going to find out,” said Kristoffer in an interview with ABC 10.
As it turns out, Kristoffer was able to log on to his father’s account through a simple passcode glitch. After putting in the wrong passcode, he was taken to a verification screen. Once there, Kristoffer would tap the space bar a couple times, hit the enter button and was then allowed access to his father’s account.
Davis, a security engineer at ServiceNow in San Diego, was impressed by his son’s discovery.
“I was like, ‘Wow, that’s so cool,’” Davis said.
The five-year-old garnered access to everything on Xbox, including a non-age-restricted YouTube account. Davis reported the mishap to Microsoft, and Kristoffer was named a Microsoft security researcher on the company’s March list of security researcher acknowledgments.
“We’re always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it,” Microsoft said in a statement.
In addition to making the March list, Krisotffer and his family were granted a free, year-long subscription to Xbox Live, US$50 and four games. Microsoft has been known to offer payment to people who expose product vulnerabilities, reaching up to $100,000 for “truly novel exploitation techniques.”