This is the newest addition to Microsoft’s security team, and he’s only five years old. His name is Kristoffer Von Hassel and the little rascal lives in San Diego. Like most kids and a rising number of adults, he just loves video games. But this kid is also a proven hacker.
He successfully wiggled his way into his father’s Xbox One account, whether by accident or pure genius – by finding a weakness in the password verification screen, called a “backdoor” in the infosec community. An ABC 10 report states that he had entered the wrong password, hit space a few times, and the next thing he knew was that he had full access. He could now browse a plethora of video games he wasn’t supposed to play.
Parents these days know, especially those who try to forbid or limit their children’s access to computers, that kids who grow up with this technology simply outclass us old mortals when it comes to getting what they want. The only way you can limit your kid’s access to games is to physically remove the platform in question. No passwords can stop them, and apparently not even Microsoft’s (buggy) security checkpoints.
I got nervous. I thought he was going to find out
The next thing little genius Von Hassel and his dad, Robert (who works in security, by the way) did was to report the issue to Microsoft. Not only did the Xbox team react promptly to fix the issue, but they have declared him an official Security Researcher in their list of acknowledgements. He got $50, a year-long subscription to Xbox Live and, ironically enough, four free games. Just as a “thank you” from Microsoft’s security team.
The good side of course is that he found a security flaw, but parents need to realize that kids these days eat technology for breakfast. If you want to limit your kid’s access to a PC or a console, think twice before you rely solely on a password, no matter how difficult it is to guess. But the parties that should be really worried about the future are state agencies and private enterprises. History is filled with kid hackers – in fact they are the ones who had transformed the way internet security operates.
Back in the 80’s kids were accessing networks and email databases of such names as Coca-Cola, Citibank and NASA. The FBI was conducting raids left and right trying to get these elusive kids. Both the internet and modern software is now better secured but still too complex to be actually secure, so stories like these are not surprising in the security community. Just don’t get on your genius kid’s bad side, and try to keep your sensitive data isolated and secure. In fact, not sharing your machines with your kids might be the best idea.