Five-Year-Old Boy Finds Xbox Security Bug
Can you imagine the excitement of a 5-year-old kid who’s managed to hack into his father’s stash of video games — video games he shouldn’t be playing?
Well, that’s exactly what one California boy was able to pull off, and it sounded something like: “Yay!”
But don’t worry. Dad isn’t mad.
Robert Davies learned of his son Kristoffer’s ability to “hack” into his Xbox Live account and actually thought it was “awesome.”
“Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool,” he told San Diego’s KGTV.
Kristoffer, who first managed his way past his parents’ smartphone toddler lock at age 1, learned that he could reach a back door into his father’s Live account on the family’s Xbox One by simply typing a bunch of spaces into a password verification prompt. Kristoffer’s parents asked their son to show them how he’d gotten into Davies’ account after they noticed that he was playing a game they’d locked him out of, according to KGTV.
Despite Kristoffer’s fear that Microsoft might “steal the Xbox,” Davies, who works in computer security himself, reported the bug to Microsoft. The company has since patched the bug and even listed Kristoffer as a “security researcher” on its March 2014 list of contributors.
Microsoft is also giving the family four games, $50, and a yearlong subscription to Xbox Live. It’s not quite the bounty that a Brazilian programmer recently got from Facebook for finding a security bug on its site (which was $33,500 and a job), but still not bad for an elementary school student.
“We’re always listening to our customers and thank them for bringing issues to our attention,” the company wrote in a statement about the fix. “We take security seriously at Xbox and fixed the issue as soon as we learned about it.”
For his next trick, maybe Kristoffer could find us a “workaround” for getting a little better in Titanfall. That game is not easy.
Have questions, comments, or just want to tell me something funny? Email me at firstname.lastname@example.org.