Every Nintendo Switch Can Be Hacked, and Nintendo Can’t Patch It

Every Nintendo Switch Can Be Hacked, and Nintendo Can’t Patch It

The Nintendo Switch has been a massive success for Nintendo, shipping nearly 15 million units to date and outselling the lifetime sales of the Wii U in less than a year. Nintendo has always worried about the system’s security — the company has refused to provide backup options for saved games because it’s terrified the capability will be abused by hackers. Now, the entire point is moot. Every single Switch ever shipped has a flaw that Nintendo literally can’t patch out of the system.

According to the hacker team ReSwitched, their attack Fusée Gelée, is:

[A] coldboot vulnerability that allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA’s Tegra line of embedded processors. As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses.

Translation: Katherine Temkin and her team have found the keys to the kingdom. However Nintendo may address this in the future, there’s no fixing the Switches that have already shipped — because the vulnerability that allows this exploit to exist is a code mistake in the read-only bootrom set before the device leaves the factory. There’s nothing to be done about it once the device has left the building.

The hack is a buffer overrun attack that allows data to be copied into protected memory, where it shouldn’t have access, and allows the attacker to run arbitrary code. Ars Technica notes that forcing a Switch into USB recovery mode is potentially difficult — except that there are methods, including specialized devices, that can perform this task simply and on demand.

Every Nintendo Switch Can Be Hacked, and Nintendo Can’t Patch It

On her page, Temkin notes:

[Fusée Gelée isn’t] a perfect, ‘holy grail’ exploit– though in some cases it can be pretty damned close. The different variants of Fusée Gelée will each come with their own advantages and disadvantages. We’ll work to make sure you have enough information to decide which version is right for you around when we release Fusée Gelée to the public, so you can decide how to move forward.

Nintendo’s decision to prevent saved game backups on the Switch was consumer-hostile to start with. Now, security breaches like this make it nonsensical. Every single Switch in-market today can be hacked, full-stop. It’s true that these kinds of hacks can also be used to facilitate piracy (something Temkin notes in her FAQ), but by refusing to provide valid solutions for capabilities gamers want, Nintendo pushes more people towards piracy in the first place.

In the same way that not everyone who jailbreaks a phone wants to steal software, not everyone who jailbreaks a Switch wants to pirate games. Oftentimes, especially with a mobile system, people want to backup games they’ve already poured hundreds of hours into. Whatever marginal utility locking down saved games solved, it’s over now.

One more thing to keep in mind: Nintendo may not be able to prevent the hack, but it’s possible they will take action to lock Switches compromised in this fashion from connecting to Nintendo servers or using Nintendo services. Keep a careful eye on how the situation develops before committing to anything.

Continue reading

Nintendo Switch Hacked to Run Linux, So Can We Get Save Game Backups Now?

The Nintendo Switch has been hacked and is capable of booting Linux in a new cold-boot exploit. Will Nintendo finally relent on user saved games — or lock things down that much tighter?

New Malware Spreads Through Hacked Sites as Fake Browser Update

There's a new piece of malware making the rounds online via hacked websites that uses sophisticated redirects and modified JavaScript to load a malicious payload on your computer.

Hacker Needed Just 2 Weeks to Add Save Backups to Nintendo Switch

Game backups are important on all platforms. After all, once you've spent 100 hours exploring an in-game world, losing your progress because of a hardware failure could be heartbreaking. The situation is even more dire with the Switch.

Bloomberg Claims Hacked SuperMicro Server Found in US Telecom

Last week, Bloomberg published an explosive article alleging that SuperMicro servers had been found with critical hardware-level compromises that could only have been inserted at the factory. The allegations sent shockwaves through the international tech community. Such attacks have been theoretically possible for years, but none are known to have actually occurred. But in the…