Flaw Discovered in Nintendo Switch Console

Media Division | March 17, 2017

The Nintendo Switch was one of the most anticipated releases this year in the realm of gaming.  With its ability to be played at home or on the go, it is quite an unprecedented new type of console.  Unfortunately, barely two weeks after being released, the Nintendo Switch has been hacked by way of a flaw in the browser of the machine, which is not even officially supposed to be present.

Console hacking has been around for quite some time.  There were hacks and modifications being done to much older systems, like the original Xbox, years ago.  The basic purpose is essentially to make these machines do something that they are not supposed to do, or that no one knew was possible.  And as every new console is released, it becomes a race of who can crack the console first.

How the Hack was Achieved

In the latest hack of the Nintendo Switch, the success was claimed by Luca Todesco, an Italian iPhone jailbreaker.  Todesco had posted an image on his Twitter of the Switch’s screen displaying “done” below his laptop screen which showed the code that he had used to achieve it.  The hack was achieved through an old Apple IOS flaw in a hidden browser contained on the console.  He had employed a modified version of his JailbreakMe tool to exploit the Apple IOS flaw within the WebKit HTML rendering engine through use of the hidden browser.  A second user named LiveOverflow repeated the method and published a confirmation of the finding, and also demonstrated that malicious code could be run remotely.  A research group called ReSwitched had also employed their own tool to achieve success in hacking the Switch.

The reason this hack was unexpected was simply the fact that Nintendo had made statements in February suggesting that there would be no browser for the Switch.  This was doubted by many people, as it was questioned how individuals would connect to hotspots with captive portals on their portable console.  But a hidden, integrated browser interface was discovered that could be initialized under certain conditions, such as using a hotspot or accessing a Facebook profile.

Fortunately, this discovered flaw is not on the same level as a full kernel jailbreak, which would allow custom firmware or piracy.  And the flaw can be easily patched through an update, but as to when this will happen is uncertain.  Whatever the case, it seems to display some negligence on the part of Nintendo, as this is an issue that should have been expected and addressed months ago.  Software flaws within browsers are not uncommon, and so this should have been anticipated.  While nothing will likely come out of this specific discovered exploit, there could be potential for further malicious purposes if other flaws were to be discovered.  In an interview with Forbes, Todesco stated that his hacks open the door for further jailbreaks of the Switch, and he speculated about the future use of them by stating, “If there is a microphone you could use the switch to record and send that remotely.”

Employing Formidable Cyber Security to Prevent Cyber Attacks

With a multitude of devices being connected to the internet that previously never were, cyber security is more critical than ever.  There is now a range of devices that an attacker could attempt to exploit.  An organization needs to ensure that they have proper cyber security tools and implements in place to defend from all vectors of attack.  Massive Alliance provides a wide array of cyber security services to help your organization prevent cyber attacks.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.