A 5-year-old California boy who wanted to play video games that he wasn’t supposed to figured out a way around his dad’s password and discovered a major security flaw in Microsoft’s Xbox Live service in the process.
Kristoffer Von Hassel of San Diego realized that if he put in the wrong password and then filled up the field by pressing the space bar when he was asked again, the Xbox Live service would let him in so he could play his father’s games.
“I was like yea!” Kristoffer told ABC 10. “I got nervous. I thought he was going to find out,” said Kristoffer.
When he did find out, Robert Davies was proud of his son, not upset.
“How awesome is that!” Davies said. “Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”
Microsoft was alerted about the bug and has fixed the problem.
As a thank-you for his services, Kristoffer will receive four games, $50 and a year-long subscription to Xbox Live.
He’s also been listed as an official “security officer” on a page thanking people who have discovered problems with Microsoft products.