Five-Year Old Boy Exposes Xbox One Security Flaw

[ShogunGino]

This kid is on his way to becoming an awesome supervillain. He's already got the budding superpower (hacking mastery), and the badass name (Kristoffer Von Hassel already sounds like something out of an Issue #1). Any more time spent developing this, and he'll be dropping bad one-liners like a pro. "You didn't get hacked! You just got Hasseled!!"

But seriously, coding flaws always pop up in the weirdest of places. Pretty bad luck for this one to be found out by a 5 year old.

 

[CarlsonAndPeeters]

What kind of five year old get's a $500 console? I had to buy all my consoles.

From the video it seems pretty likely to me that its his dad's console, since he was using the hack to get onto his dad's account. Or he just gets nice gifts from relatively wealthy parents.

 

[Saltyk]

This kid is on his way to becoming an awesome supervillain. He's already got the budding superpower (hacking mastery), and the badass name (Kristoffer Von Hassel already sounds like something out of an Issue #1). Any more time spent developing this, and he'll be dropping bad one-liners like a pro. "You didn't get hacked! You just got Hasseled!!"

But seriously, coding flaws always pop up in the weirdest of places. Pretty bad luck for this one to be found out by a 5 year old.

I so want this to happen, now. He could have his own comic which eventually gets adapted by some horrible movie studio so that it fails as both a faithful adaption and as a stand alone movie. And we'll all hate it.
Unless it was a Marvel comic. Then, it might actually stand a chance.

OT: Seems odd to enter empty spaces, though. I'm wondering why the kid would have even tried that.

 

[WeepingAngels]

Not wishing to be "that guy" but the fact that the kid's father is a computer security expert makes me think this story might have been made up i.e. the Dad found the flaw and came up with the story to illustrate how glaring the flaw really is and to make the story more newsworthy and entertaining.

I agree. This whole thing smells very fishy to me.

Well, it was very easy to forsee that the internet would go wild with this. "OMG a 5 year old put a bunch of spaces into a console and got lucky! He's a genius."

 

[Saika Renegade]

Reminds me of one of those entries on the Evil Overlord List: any plan with a flaw that can be identified by a five year old will not be implemented.

 

[Andrew_C]

Damn, what happened to the Microsoft Security Development Lifecycle? You know, the development model they spent so much money and effort coming up with after Windows XP was such a disaster area?

 

[Extragorey]

Reminds me of the time I figured out how to bypass basic HTML/Javascript login forms. Hacking is always so satisfying.

 

[Spade Lead]

This kid is going places. He also has a really cool dad.

Yeah, while it is awesome that the kid found a hole like that, his father's reaction is just amazing. Rather than being upset, he applauds his child and is proud of him.

 

[Kermi]

It never fails - EVERY time the XBone makes a new headline, it's one more reason not to buy the damned thing!

this suggests that part of your purchasing decision is not only based on the parental control issue, but also your current plan to go back in time to before it was fixed.

 

[busterkeatonrules]

It never fails - EVERY time the XBone makes a new headline, it's one more reason not to buy the damned thing!

this suggests that part of your purchasing decision is not only based on the parental control issue, but also your current plan to go back in time to before it was fixed.

Even if they do fix the issue, the fact remains that it DID HAPPEN. The XBone got hacked by a five-year-old child. The XBone was released to the public with a serious security flaw that made it past designers, programmers, beta-testers and what-have-you, before finally being discovered and exploited by a five-year-old child.

As a consumer, I need to ask myself the following:

What OTHER glaring issues did Microsoft miss before this thing hit the streets? How do I know for certain that this is the last one?

And most importantly: Do I want to be the person who discovers the NEXT damning problem?

 

[Animyr]

Step 1:The Xbox.
Step 2:The world!
Step 3:??
Step 4rofit.

 

[Kermi]

It never fails - EVERY time the XBone makes a new headline, it's one more reason not to buy the damned thing!

this suggests that part of your purchasing decision is not only based on the parental control issue, but also your current plan to go back in time to before it was fixed.

Even if they do fix the issue, the fact remains that it DID HAPPEN. The XBone got hacked by a five-year-old child. The XBone was released to the public with a serious security flaw that made it past designers, programmers, beta-testers and what-have-you, before finally being discovered and exploited by a five-year-old child.

As a consumer, I need to ask myself the following:

What OTHER glaring issues did Microsoft miss before this thing hit the streets? How do I know for certain that this is the last one?

And most importantly: Do I want to be the person who discovers the NEXT damning problem?

Oh, ok.

In that case I'm not buying a PS4 because of PSN getting hacked in 2011 and I stopped playing games on PC because I really hated Steam back in 2003. In fact, I've decided to stop gaming altogether. They're so buggy, I lost my Final Fantasy VIII save file once and now I just don't see the point.

I'm not even going to start on why you think bypassing the parental lock is a "serious" security flaw. Oh no! A child briefly accessed mature rated games before being discovered by his parents who were providing adequate supervision like they're supposed to!

 

[Steve the Pocket]

Fish swim, birds fly, Michael Atkinson molests dogs, and Microsoft's security team can't be bothered to check for stuff they forgot to finish programming.

Also, today's captcha uses the Ubuntu font. I know this because it perfectly matches the lettering in the entry field, and I happen to be using Kubuntu Linux right now. Seriously, check it:

 

[Zanderinfal]

"I was like yea!" the boy told local news station <a href=http://www.10news.com/news/5-year-old-ocean-beach-exposes-microsoft-xbox-vulnerability>ABC 10 News.

What an inspiring quote. Seriously though, this is amazing on multiple levels. And frankly hilarious. One day he will become a game tester that will find ways to break any game before him, and thus have them fixed before release (hopefully).

Capatcha: "High Five"
Indeed, this kid deserves many of those.

 

[MonkeyPunch]

We can be glad that boy wasn't more of a Hassel for Microsoft.
Urgh that was terrible.
The dad seems cool. Guess he passed on his problem solving skills to his boy.

Even if they do fix the issue, the fact remains that it DID HAPPEN. The XBone got hacked by a five-year-old child. The XBone was released to the public with a serious security flaw that made it past designers, programmers, beta-testers and what-have-you, before finally being discovered and exploited by a five-year-old child.

As a consumer, I need to ask myself the following:

What OTHER glaring issues did Microsoft miss before this thing hit the streets? How do I know for certain that this is the last one?

And most importantly: Do I want to be the person who discovers the NEXT damning problem?

Well the Xbox1 didn't get hacked per se. One of it's security measures was merely bypassed. There's a fair bit of a difference there.
Personally I'd say that bypassing a parental control isn't at all "a serious security flaw". Personally I'd say that a title like that should be reserved for something like having your clients Credit Card details hacked, for example. That's a lot more serious.
Not to mention that it's the first most people have heard of this vulnerability. It doesn't even seem like anyone else found this, let alone had the chance to abuse it. So in practice this is nothing but tame and all it does is make for a fun story about a kid who stumbled on something by chance.

And no you don't and never will know for certain that this is "the last" problem. In fact, let me tell you it won't be.
But things like this will happen all the time and not just to Microsoft quite obviously.

You will never know if any product you buy is flawless. Even for established ones that have been "doing right" by their customers for years.
This applies doubly to electronics and even more so to consoles.

 

[Lightknight]

That's a pretty significant security flaw. Getting into the profile that easily could mean some account shenanigans from a thief. But not that much that can't be undone.

But good on Microsoft for responding positively to the kid's findings, closing the security breach, and rewarding the kid for finding it. That's a lot better than some other companies that pretend like the person didn't do them a favor.

 

[FalloutJack]

"Clear? Why a four-year-old child could understand this report! Run out and get me a four-year-old child. I can't make head or tail out of it." - Groucho Marx

Boy, they build these super-geniuses younger and younger these days.

 

[Barbas]

This is extremely funny. Maybe it shouldn't be, but for some reason it really is.

Glad they got it sorted out in the end. Good on that kid!