Every Nintendo Switch Can Be Hacked, and Nintendo Can’t Patch It

The Nintendo Switch has been a massive success for Nintendo, shipping nearly 15 million units to date and outselling the lifetime sales of the Wii U in less than a year. Nintendo has always worried about the system’s security — the company has refused to provide backup options for saved games because it’s terrified the capability will be abused by hackers. Now, the entire point is moot. Every single Switch ever shipped has a flaw that Nintendo literally can’t patch out of the system.

According to the hacker team ReSwitched, their attack, Fusée Gelée, is:

[A] coldboot vulnerability that allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA’s Tegra line of embedded processors. As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses.

Translation: Katherine Temkin and her team have found the keys to the kingdom. However Nintendo may address this in the future, there’s no fixing the Switches that have already shipped, because the vulnerability that allows this exploit to exist is a coding mistake in the read-only boot ROM, which is set before the device leaves the factory. There’s nothing to be done about it once the device has left the building.

The hack is a buffer overrun attack: it lets data be copied into protected memory that it should not be able to reach, which in turn lets the attacker run arbitrary code. Ars Technica notes that forcing a Switch into USB recovery mode is potentially difficult — except that there are methods, including specialized devices, that can perform this task simply and on demand.

On her page, Temkin notes:

[Fusée Gelée isn’t] a perfect, ‘holy grail’ exploit – though in some cases it can be pretty damned close. The different variants of Fusée Gelée will each come with their own advantages and disadvantages. We’ll work to make sure you have enough information to decide which version is right for you around when we release Fusée Gelée to the public, so you can decide how to move forward.

Nintendo’s decision to prevent saved game backups on the Switch was consumer-hostile to start with. Now, security breaches like this make it nonsensical. Every single Switch in-market today can be hacked, full stop. It’s true that these kinds of hacks can also be used to facilitate piracy (something Temkin notes in her FAQ), but by refusing to provide valid solutions for capabilities gamers want, Nintendo pushes more people towards piracy in the first place.

In the same way that not everyone who jailbreaks a phone wants to steal software, not everyone who jailbreaks a Switch wants to pirate games. Oftentimes, especially with a mobile system, people want to back up games they’ve already poured hundreds of hours into. Whatever marginal utility locking down saved games provided, it’s over now.

One more thing to keep in mind: Nintendo may not be able to prevent the hack, but it’s possible they will take action to lock Switches compromised in this fashion from connecting to Nintendo servers or using Nintendo services. Keep a careful eye on how the situation develops before committing to anything.
