Not being allowed by parents to play certain violent and adult-themed video games has not stopped 5-year-old Kristoffer Von Hassel from accessing them anyway. In the process of attempting to bypass the parental controls, Kristoffer discovered a blatantly ridiculous security flaw overlooked by Microsoft itself.
Kristofferhad been accessing his father’s library for quite a while before anyone noticed. It was only after Christmas, two months after owning the console, that his father finally observed play sessions and log-in times on his account bearing an uncanny resemblance to hours when Kristoffer was using the console. “I got nervous. I thought he was going to find out,” Kristoffer told 10News. But instead of reprimanding Kristoffer, his father, who works in computer security, was extremely proud.
Security prodigy
“This isn’t the first time Kristoffer figured out how to beat a password,” Mr. Von Hassel explained to 10News. Kristoffer had cracked security protocols four times since the age of one when he first discovered that he could bypass a smartphone’s lock screen by holding down the home key.
So how’d a 5-year-old crack his father’s Xbox One password? Easy; first he inputted the wrong password to usher the console’s verification window and then he inputted the space key a couple of times ─ this was enough to get him through Microsoft’s software developer backdoor.
Backdooring
Backdoor access is typically associated with malicious hacking, where hackers bypass normal authentication techniques to illegally access someone’s computer. This is sometimes accomplished by downloading contaminated files that secretly install remote-access tools.
However, network administrators often use legal backdoors to legally supervise actions in a business network. Programmers may also install benign backdoors as a means of accessing content faster when modification or testing needs to be done, but these methods are usually erased before the product is released. It appears that Microsoft simply forgot to do this in the case of the Xbox One.
Microsoft’s response
Mr. Von Hassel contacted Microsoft’s Xbox division as soon young Kristoffer showed him the exploit. In response, the company rewarded the boy with four games, $50, and a year-long subscription to Xbox Live, the console’s online service, saying, “We're always listening to our customers and thank them for bringing issues to our attention. We take security seriously at Xbox and fixed the issue as soon as we learned about it.” Kristoffer was publically acknowledged as a “security researcher” on the company’s website.
Via 10news
Advertisement
Learn more about Electronic Products Magazine
