Five-Year-Old Breaches Xbox Live Security

Discussion in 'User Submitted News' started by Foxi4, Apr 5, 2014.

  1. Foxi4
    OP

    Foxi4 On the hunt...

    pip Reporter
    23,558
    21,534
    Sep 13, 2009
    Poland
    Gaming Grotto
    Yes, you're reading this right. A five-year-old by the name of Kristoffer Von Hassel discovered a security hole that allowed him to log in and make purchases via his father's account without knowing his password. The youngster discovered that after typing in the wrong password and reaching the second verification stage, inputting a space would give him access to the account.​
    The issue was reported to Microsoft by his father and fixed. Subsequently Kristoffer has been rewarded for his discovery with four free games, $50, a 1-year Xbox Live subscription and his name is now on the list of Microsoft's security researchers thanked for their contributions.​
    Now, I'm pretty sure this was just dumb luck on the boy's part and it's definitely not front page news material, so I'm putting it in the User Submitted News as an oddity rather than relevant news. Now, remember kids! Saying nothing at all sometimes opens many doors just like typing in a space sometimes opens your dad's virtual wallet.​
    :arrow: Source
     
    ferofax, KingVamp, koimayeul and 5 others like this.


  2. TackyPie

    TackyPie GBAtemp Fan

    Member
    304
    43
    Jul 4, 2012
    United States
    So easy even a 5 year old can do it.
     
  3. VashTS

    VashTS Beat it, son

    Member
    3,901
    702
    Mar 14, 2009
    United States
    Upstate NY
    my boy at about 2 years old found a glitch in an android game. i seen it happen and im like WTF?!!? and he kept doing it. he exploited the physics to circumvent having to collect items to open a gate in Chromasphere!

    sometimes bugs are just that easy
     
  4. Snailface

    Snailface My frothing demand for 3ds homebrew is increasing

    Member
    4,324
    1,983
    Sep 20, 2010
    Engine Room with Cyan, watching him learn.
    This gives hope to the 3DS hacking theories thread.
     
  5. slingblade1170

    slingblade1170 GBAtemp Advanced Fan

    Member
    875
    204
    Mar 15, 2009
    United States
    I read this earlier this morning, its an interesting story. A 5 year old? Thats crazy.
     
  6. Vengenceonu

    Vengenceonu Revenge is beneath me but accidents do happen.

    Member
    2,204
    1,933
    Jun 20, 2013
    United States
    The C Standard Library
    Expect a flood gate of people looking for "bugs" so they can get free shit to now be wide open.

    Ex. "OH, Kinect Didnt hear My voice so it must be a Bug... FREE WAREZ/MONEZ PLOX"
     
    Bladexdsl likes this.
  7. Bladexdsl

    Bladexdsl ZOMG my posts...it's over 9000!!!

    Member
    16,225
    3,865
    Nov 17, 2008
    Australia
    Queensland
    should have used this it would of worked :creep:

    BA
     
    driverdis and the_randomizer like this.
  8. Gahars

    Gahars Bakayaro Banzai

    Member
    10,254
    17,403
    Aug 5, 2011
    United States
    New Jersey
    Little kids can hack anything, with or without the presence of dangerous raptors. Have we really learned nothing from Jurassic Park?
     
    The_Hulkster and Taleweaver like this.
  9. Parasite X

    Parasite X Banned

    Banned
    637
    75
    Jul 6, 2009
    United States
    Katy Tx
    Seen this on QJ.net & its hilarious how could microsoft be so careless & to make it worse the exploit will be pattched because they reported it
     
  10. chavosaur

    chavosaur Austin Trujillo

    pip Contributor
    4,789
    8,652
    Mar 11, 2012
    United States
    Huntersville, NC
    Its... Its bad that its getting patched? What?
    And sure it may be a little careless, but its a simple bug they immediately responded too..? Wow Xbox is terribad for taking care of their platform :|
     
    EZ-Megaman and NEP like this.
  11. shakirmoledina

    shakirmoledina Legend

    Member
    6,611
    218
    Oct 23, 2004
    Tanzania
    Dar es Salaam
    I guess the key here is persistence. And not knowing that its 'impossible' to hack high-tech companies. Ignorance is bliss.
     
  12. Taleweaver

    Taleweaver Storywriter

    Member
    5,603
    1,643
    Dec 23, 2009
    Belgium
    Belgium
    Since the wiiu isn't yet hacked...can we now safely say that it is NOT a kiddy console? ;)
     
    Ace Overclocked likes this.
  13. dekuleon

    dekuleon GBAtemp Advanced Fan

    Member
    GBAtemp Patron
    dekuleon is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    511
    158
    Oct 1, 2010
    Brazil
    where the wind makes the curve
    Ask him to find another exploit for 3ds and release it.
    Or to unlock the wii u!
     
  14. FAST6191

    FAST6191 Techromancer

    pip Reporter
    23,518
    9,337
    Nov 21, 2005
    Reminds me of I think it was Windows 95 where you could press next and then cancel to avoid having to put a serial number in.
     
    kenjixx and DinohScene like this.
  15. DinohScene

    DinohScene Capture the Dino

    Member
    GBAtemp Patron
    DinohScene is a Patron of GBAtemp and is helping us stay independent!

    Our Patreon
    16,076
    12,589
    Oct 11, 2011
    Antarctica
    В небо
    Shear dumb luck indeed.
     
  16. lukands

    lukands I took the little bus here

    Member
    522
    32
    Mar 27, 2009
    Your mamas house
    What's a five year old doing on Xbox live? Or even on an Xbox in the first place without adult supervision?
     
  17. Veho

    Veho The man who cried "Ni".

    Former Staff
    8,874
    16,899
    Apr 4, 2006
    Croatia
    Zagreb
    This is one of those "infinite monkeys on infinite keyboards" things. Millions of people hitting random keys and someone is bound to stumble upon something like this.
     
  18. osirisjem

    osirisjem Wii U: Y U No Sell ?

    Member
    1,075
    356
    Jun 19, 2011
    Canada
    I'd love to know the code behind a login feature that allows spaces to bypass password security.

    If Password = " " then Access = Root
     
  19. FireGrey

    FireGrey Undercover Admin

    Member
    3,920
    909
    Apr 13, 2010
    This means they have a backdoor to everyone's account, pretty much ever xbox employee would know about this...
    What if this is the case for other microsoft services?
    Someone will find out their new method and not report it to microsoft, what happens then?
     
    osirisjem likes this.
  20. osirisjem

    osirisjem Wii U: Y U No Sell ?

    Member
    1,075
    356
    Jun 19, 2011
    Canada
    xBone login code

    Code:
    [spaghetti code]"Please type in your Password"; Wait
    Send plaintext password => NSA
    If Password = " " then Access = Root
    [/spaghetti code]
    Updated my code.
     
    ferofax likes this.