X

5-year-old finds Xbox security flaw, becomes Microsoft researcher

A boy works out how to get into his dad's Xbox Live account without a password. Microsoft not only plugs the flaw but appoints Kristoffer Von Hassel as a security researcher.

Chris Matyszczyk
2 min read

kristoffer.png
This is a Microsoft security researcher. KGTV screenshot by Chris Matyszczyk/CNET

When a 5-year-old tells me I'm a doofus, I don't always take it kindly.

I must, therefore, tug my forelock toward Microsoft for bowing to Kristoffer Von Hassel's security skills.

As KGTV reports, little Kristoffer is a wily character. His parents noticed that he was playing games on his dad's Xbox Live. These were not the sort of games 5-year-olds ought to be playing.

His dad wondered how this might be. So he said to Kristoffer: "Here, young man. Show me how you do that thing you do. This is most fascinating to me."

Clearly, I made up those words. But his dad, Robert Davies, is employed in computer security and that's how I imagine security people talk.

Kristoffer demonstrated that even though he typed in the wrong password, he still had a chance with the password verification screen. For reasons that aren't entirely clear, other than Kristoffer is 5 years old and possibly a genius, he decided to type in space keys and hit enter.

Hey became presto.

You might conceive that Dad was shocked, staggered, stunned, or even, as Kristoffer feared, angry.

Instead, Davies, from San Diego, told KGTV: "How awesome is that! Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool."

Did I mention he works in computer security?

The next step was, of course, to turn to Microsoft and say: "Hey, you know this password security thing. It doesn't work so well."

Redmond fixed the bug. However, Microsoft is becoming a far more human-oriented, underdoggy company. So, to its vast credit, it gave him four games, $50, and a year's subscription to Xbox Live.

Far more touching, though, is that it acknowledged Kristoffer on its site as a security researcher.

Microsoft gave the BBC this statement: "We're always listening to our customers and thank them for bringing issues to our attention."

It's clear that Kristoffer already understands the way the world works. Money, like gaming, can only go so far. There is a far more lasting joy to be had, one that can never be removed.

"I'm gonna be famous!" he told KGTV. He already is.

I cannot confirm, however, that the Microsoft board has already decided he will be the new CEO of the company in 2035.