Five-Year-Old Breaches Xbox Live Security

[Foxi4]

​

​

Yes, you're reading this right. A five-year-old by the name of Kristoffer Von Hassel discovered a security hole that allowed him to log in and make purchases via his father's account without knowing his password. The youngster discovered that after typing in the wrong password and reaching the second verification stage, inputting a space would give him access to the account.​

​

The issue was reported to Microsoft by his father and fixed. Subsequently Kristoffer has been rewarded for his discovery with four free games, $50, a 1-year Xbox Live subscription and his name is now on the list of Microsoft's security researchers thanked for their contributions.​

​

Now, I'm pretty sure this was just dumb luck on the boy's part and it's definitely not front page news material, so I'm putting it in the User Submitted News as an oddity rather than relevant news. Now, remember kids! Saying nothing at all sometimes opens many doors just like typing in a space sometimes opens your dad's virtual wallet.​

​

​

Source​

 

[TackyPie]

So easy even a 5 year old can do it.

 

[VashTS]

my boy at about 2 years old found a glitch in an android game. i seen it happen and im like WTF?!!? and he kept doing it. he exploited the physics to circumvent having to collect items to open a gate in Chromasphere!

sometimes bugs are just that easy

 

[Snailface]

This gives hope to the 3DS hacking theories thread.

 

[slingblade1170]

I read this earlier this morning, its an interesting story. A 5 year old? Thats crazy.

 

[Vengenceonu]

Expect a flood gate of people looking for "bugs" so they can get free shit to now be wide open.

Ex. "OH, Kinect Didnt hear My voice so it must be a Bug... FREE WAREZ/MONEZ PLOX"

 

[Bladexdsl]

should have used this it would of worked

↑↑↓↓←→←→BA

 

[Gahars]

Little kids can hack anything, with or without the presence of dangerous raptors. Have we really learned nothing from Jurassic Park?

 

[Parasite X]

Seen this on QJ.net & its hilarious how could microsoft be so careless & to make it worse the exploit will be pattched because they reported it

 

[chavosaur]

Seen this on QJ.net & its hilarious how could microsoft be so careless & to make it worse the exploit will be pattched because they reported it

Its... Its bad that its getting patched? What?
And sure it may be a little careless, but its a simple bug they immediately responded too..? Wow Xbox is terribad for taking care of their platform :|

 

[shakirmoledina]

I guess the key here is persistence. And not knowing that its 'impossible' to hack high-tech companies. Ignorance is bliss.

 

[Taleweaver]

Since the wiiu isn't yet hacked...can we now safely say that it is NOT a kiddy console?

 

[dekuleon]

Ask him to find another exploit for 3ds and release it.
Or to unlock the wii u!

 

[FAST6191]

Reminds me of I think it was Windows 95 where you could press next and then cancel to avoid having to put a serial number in.

 

[DinohScene]

Shear dumb luck indeed.

 

[lukands]

What's a five year old doing on Xbox live? Or even on an Xbox in the first place without adult supervision?

 

[Veho]

This is one of those "infinite monkeys on infinite keyboards" things. Millions of people hitting random keys and someone is bound to stumble upon something like this.

 

[osirisjem]

I'd love to know the code behind a login feature that allows spaces to bypass password security.

If Password = " " then Access = Root

 

[FireGrey]

This means they have a backdoor to everyone's account, pretty much ever xbox employee would know about this...
What if this is the case for other microsoft services?
Someone will find out their new method and not report it to microsoft, what happens then?

 

[osirisjem]

This means they have a backdoor to everyone's account

xBone login code

[spaghetti code]"Please type in your Password"; Wait
Send plaintext password => NSA
If Password = " " then Access = Root
[/spaghetti code]

Updated my code.