Each month, the Microsoft Security Response Center publishes a list of security researchers to whom it is thankful for privately disclosing bugs in its online services and, often, working with it to fix them. On the surface, the latest list may not seem too different from the previous ones, but that’s only until you realize that one of the over three dozen security researchers on it is actually a five-year-old kid.
Late last year, Kristoffer Von Hassel, a San Diego-based five-year-old, stumbled on a vulnerability in the Xbox Live service, which he promptly exploited to log in to his dad’s account and access Xbox One games he wasn’t supposed to. This went on until his father, Robert Davies, found out about his exploits and asked him how he was doing it.
When confronted, Kristoffer, who had until then been “nervous” about his father finding out, was more than happy to spill the beans. He informed his dad that entering the wrong password brought up a password verification screen that could be bypassed by simply entering in a series of spaces.
"How awesome is that!" Davies told a local news station. “Just being 5 years old and being able to find a vulnerability and latch onto that. I thought that was pretty cool.”
A proud Davies, who works in computer security, promptly notified Microsoft about his son’s discovery. The tech giant has not only formally acknowledged Kristoffer’s valuable contribution in keeping Xbox Live secure, but also showered him with a few gifts — four games, $50 and a one-year Xbox Live.
“We take security seriously at Xbox and fixed the issue as soon as we learned about it,” the company said in a statement.
Image Credit: Microsoft
Follow Pulkit on; Google+