Lady Lilith Posted April 5, 2014 Share Posted April 5, 2014 http://kotaku.com/five-year-old-boy-exposes-xbox-security-flaw-1558183736 Meet Microsoft's newest security researcher: Kristoffer Von Hassel. He lives in San Diego. He loves video games. And he's five years old.P He's also a better hacker than any of us. Von Hassel cracked into his dad's Xbox One account by finding a backdoor in the password verification screen, as ABC 10 reports. He entered the wrong password, hit space a few times, and somehow found himself with access to a treasure trove of video games he wasn't supposed to play. Kids these days, am I right? Von Hassel and his dad reported the issue to Microsoft, and the folks at Xbox not only fixed the issue, but added him to their acknowledgement list as an official Security Researcher. He also gets four free games, $50, and a year-long subscription to Xbox Live. Well, Microsoft always has had shitty manufacturing. Now I guess we can say shitty software design too. Who designs an account system where literally a 5 year old can get in via hitting space a few times after entering the wrong password? 4 Link to comment Share on other sites More sharing options...
Popular Post Dr_Mayus Posted April 5, 2014 Popular Post Share Posted April 5, 2014 Holy shit xbox controllers are huge 13 Link to comment Share on other sites More sharing options...
xNikolai01 Posted April 5, 2014 Share Posted April 5, 2014 hahaha, frekin' genius Link to comment Share on other sites More sharing options...
ProGamerX56 Posted April 5, 2014 Share Posted April 5, 2014 No genius, imagine what actual hackers could do with this exploit. They could rob Microsoft for all they are worth. I've always hated Xbox, but this takes it to da next level! Link to comment Share on other sites More sharing options...
Popular Post TheVader66 Posted April 5, 2014 Popular Post Share Posted April 5, 2014 (edited) I bet Microsoft got really pissed hearing that a 5 year old boy found a potentially dire security flaw, the guy in charge of security is so fired. Edited April 5, 2014 by TheVader66 9 Link to comment Share on other sites More sharing options...
Fawazc98 Posted April 5, 2014 Share Posted April 5, 2014 A five year old kid can break your Xbox one password am I hallucinating lol? Link to comment Share on other sites More sharing options...
ProGamerX56 Posted April 5, 2014 Share Posted April 5, 2014 As I said, if a 5 year old can crack it, then either the kid is a fucking Genius or it was so easy to crack [which it is apparent here]. I have means to believe the Xbone was rushed out of the door. Xbox One needed more time before they went out of the door, and as they retooled the OS after the mass was flashed, that is just a fail. Link to comment Share on other sites More sharing options...
closertim Posted April 5, 2014 Share Posted April 5, 2014 If this is true, how did it take so long to find out? Link to comment Share on other sites More sharing options...
Parker Posted April 5, 2014 Share Posted April 5, 2014 At least Microsoft were made aware of the issue and fixed it before people got screwed out of their accounts and potentially hundreds or thousands of dollars. Parker 1 Link to comment Share on other sites More sharing options...
Goekie Posted April 5, 2014 Share Posted April 5, 2014 Holy shit xbox controllers are huge They used to be a lot bigger and heavier 1 Link to comment Share on other sites More sharing options...
BooneJusticius Posted April 5, 2014 Share Posted April 5, 2014 There's some information missing from this story. There are 2 ways to access an account on Xbox One, first being when you initially add it to a console and second being when you go to sign in after it's been added. What's missing, and this is missing from every version of the story I've seen, did the vulnerability work on both instances or just one? It's obvious from the story that it worked in the second case of accessing an account, where it's already on the console. It's never mentioned if it worked in the first method. You do not get that particular screen when adding an account to a console, the one in the story where it shows the email address. If it only worked when the account is already on the console then people are really making a much bigger deal out of this than it really is since for anyone to actually use that vulnerability they would have to already know the password in order to be able to put a person's account on their console in the first place just so they can exploit the vulnerability. 3 Link to comment Share on other sites More sharing options...
acasser Posted April 5, 2014 Share Posted April 5, 2014 One of the first rules of being a good supervillain -- that's "good at your job" and not "good on a morality scale of Good/Evil" -- is that you hire a couple of kids that age to be assistants. You use them as troubleshooters and scrap any ideas and the like that they can find flaws in. Clearly, Microsoft isn't a very good Supervillain. Link to comment Share on other sites More sharing options...
damon8r351 Posted April 5, 2014 Share Posted April 5, 2014 Oh, THIS was why my wife was laughing her ass off last night and trying to tell me Microsoft got hacked by a 5 year old. Link to comment Share on other sites More sharing options...
razizo41 Posted April 5, 2014 Share Posted April 5, 2014 maybe this exploit was caused by removing drm? anyway glad to see they fixed it but it is still funny how a 5 year old hacked in to their system and there's a possibility that this wasn't the first time this exploit was used but it was the first time someone reported it maybe! kids might got a bright future Link to comment Share on other sites More sharing options...
Dr_Mayus Posted April 5, 2014 Share Posted April 5, 2014 They used to be a lot bigger and heavier 2 Link to comment Share on other sites More sharing options...
Goekie Posted April 5, 2014 Share Posted April 5, 2014 I remember when they first brought out the 'slim' version of the Xbox 1 controller, after only like 2 or 3 months or so since it released they offered everyone who had a fat controller to trade it in for a slim and you'd even get a free game as compensation for your troubles, that's how huge it was, hilarious! On topic: From a company that originally developes software for computers, this does look very amateuristic sheesh Link to comment Share on other sites More sharing options...
closertim Posted April 5, 2014 Share Posted April 5, 2014 4 games, $50 and a year subscription to live.... Is that the going rate for saving your security? 1 Link to comment Share on other sites More sharing options...
c0ldbludedkillah Posted April 5, 2014 Share Posted April 5, 2014 LMAO Link to comment Share on other sites More sharing options...
Starrk_01 Posted April 5, 2014 Share Posted April 5, 2014 I wonder how old the people were that hacked the PSN a few years ago? Guarantee they weren't five 1 Link to comment Share on other sites More sharing options...
Wolvie_181 Posted April 6, 2014 Share Posted April 6, 2014 Why should anyone be surprised by this? This is coming from a company that makes hackable PC software Link to comment Share on other sites More sharing options...
lporiginalg Posted April 6, 2014 Share Posted April 6, 2014 Blows my mind such a sad security flaw could exist. Link to comment Share on other sites More sharing options...
ZombeeJoggernaut Posted April 6, 2014 Share Posted April 6, 2014 No wonder Anonymous hacked PSN rather than XBLA. They wanted a challenge. Link to comment Share on other sites More sharing options...
ProGamerX56 Posted April 6, 2014 Share Posted April 6, 2014 Anonymous hacked ps3 because Sony didnt allow them to jailbrrak, but rofl. Link to comment Share on other sites More sharing options...
BooneJusticius Posted April 6, 2014 Share Posted April 6, 2014 (edited) Here's a couple interesting reads that shows that someone, most likely the father with the assistance of the media, is intentionally trying to make Microsoft look bad by exaggerating the problem and using clever editing, a misrepresentation of facts as well as leaving out certain facts to cover up what this story really is, a PR stunt for the company the father works for. Microsoft just demoed how Azure can work with gaming this past week and suddenly this story comes out, a story about a kid with a father who used to work at Sony and now just so happens to work at a company that is an Azure competitor as well? That's not just coincidence. The links indicate an intentional exaggeration of the problem as it's not an actual account hack but a parental control bypass, very different, as well as some information on the father. The first link also includes information from MSRC (Microsoft Security Response Center) that states the payout is in line with a parental control bypass "hacK" and not an actual major security hack like is being reported as if it was an actual account hack the payout would be more like $11,000. http://www.ign.com/blogs/headpirate/2014/04/05/did-a-5-year-old-really-hack-the-xbox-one http://www.linkedin.com/pub/robert-davies/5/302/B17 Edited April 6, 2014 by BooneJusticius Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now