Hackers and fraudsters are reaching new levels of effectiveness in locating security glitches. Almost any device that can connect to the internet has been proven to be vulnerable. But this time it’s a 5-year old American kid who has exposed a glaring vulnerability in the popular Xbox Live online gaming platform.
Kristoffer Von Hassel from San Diego apparently isn’t really interested in his Lego toys and jigsaw puzzles. The kid has spent the last few months manipulating a certain electronic gadget in his living room; his dad’s Xbox gaming console.
The talented kid not only managed to play online games, he also accessed and successfully hacked into the Xbox Live member account. His father Robert Davies confessed that this “in-house-hacking” has been going on for months.
Robert, a security information officer, was already aware of his young son’s knack for manipulating gadgets. He had previously bypassed the lock screen on his smartphone by holding down the “Home” key for an extended period. Little Kristoffer then turned to playing games he isn’t supposed to. A brief investigation revealed the whole story.
Kristoffer found a way to hack into his dad’s Xbox Live account. He first entered a false password, which took him to a password verification screen. But the kid was not deterred. He hit the space-bar several times and then followed it up by hitting the “Enter” button. The aforementioned security glitch then let him into the system with full access.
The father alerted Microsoft security officials, who have since patched up the issue. Kristoffer received a decent booster for his efforts – four free Xbox games, $50 in cash and a year-long subscription to Xbox Live. The tech-savvy kid has also been acknowledged as a “security researcher” on the Microsoft website.
Xbox Live is one of the world’s most popular virtual playgrounds. People from all over the world spend their hard-earned money to buy subscriptions and gain access to games, applications and digital media. Microsoft’s gaming hub currently boasts over 48 million subscriptions, making information security very crucial.
This security issue was probably caused by an unsecure backdoor left open by the programmers in the testing phase. If so, this is a classic case of professional negligence (lack of AppSec awareness) that could have been rectified with an automated testing solution. Source Code Analysis (SCA) is one such method, helping in the location of coding errors and unprotected data like in the case mentioned in this article.
Source – Boy Finds Xbox Security Bug