How A Five Year Old Broke Microsoft’s Xbox One Security

How secure is the Xbox One’s password lockout system? Secure enough that a five year old can break it.

San Diego child Kristoffer Von Hassel recently figured out how to bypass the Xbox One’s password lockout system, oddly enough before any professional hackers managed to. The exploit was simple: if you enter the wrong password when attempting to access someone else’s Xbox Live account, you’ll be taken to a second password verification screen. However, if you just enter spaces on this screen, the system will think that you entered the correct password and will let you in. Von Hassel figured this out purely by accident as he fooled around with the Xbox One randomly. Just in case you are thinking about logging in on your friend’s account and spending all of his money on DLC, hold your horses, because Microsoft has already fixed the exploit.

That being said, this has been a pretty cool couple of days for Kris. Microsoft has credited the child as a security researcher. They also gave him four free games and $50 on the Xbox Live Marketplace, as well as a free 12-month subscription to Xbox Live. That’s a pretty awesome prize if you are a kid, though not exactly the salary of a Microsoft security researcher.

Increasing the irony of the situation is the occupation of Kris’s dad, Robert Von Hassel. Robert works in, get this, computer security! When Kris broke into his father’s Xbox Live account, he was afraid that his dad was going to find out and that someone would “steal the Xbox.” Little did he know that he was going to end up being instrumental in fixing a pretty fatal flaw in Microsoft’s security scheme.

“We’re always listening to our customers and thank them for bringing issues to our attention,” said Microsoft in a statement. “We take security seriously at Xbox and fixed the issue as soon as we learned about it.”

But I have an honest question for Microsoft here… how did this happen? You have a team of testers working over your security. How did not one of them attempt to type in nothing but spaces on the password verification screen? Were they all just asleep at their desks that day?

The Xbox One is already a hot topic in the world of hacking. Only a few days after the Xbox One was released, players found ways to access the development console menu. Without an ID@Xbox account, though, there was little anyone could do with this, other than brick their own system by putting it in a boot loop. Still, people are already trying to figure out how to bypass the Xbox One’s security in order to run unsigned code and… of course… eventually open up the floodgates to piracy. In this age of digitally distributed content, the threat of piracy is particularly worrying to AAA companies.

Well, if there are more kids like Kristoffer Von Hassel out there, we won’t have to worry much at all… or at least if we do have to worry, the only pirated games will be like, Sesame Street TV or something.
