Every Nintendo Switch Can Be Hacked, and Nintendo Can’t Patch It

Every Nintendo Switch Can Be Hacked, and Nintendo Can’t Patch It

The Nintendo Switch has been a massive success for Nintendo, shipping nearly 15 million units to date and outselling the lifetime sales of the Wii U in less than a year. Nintendo has always worried about the system’s security — the company has refused to provide backup options for saved games because it’s terrified the capability will be abused by hackers. Now, the entire point is moot. Every single Switch ever shipped has a flaw that Nintendo literally can’t patch out of the system.

According to the hacker team ReSwitched, their attack Fusée Gelée, is:

[A] coldboot vulnerability that allows full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM) on NVIDIA’s Tegra line of embedded processors. As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses.

Translation: Katherine Temkin and her team have found the keys to the kingdom. However Nintendo may address this in the future, there’s no fixing the Switches that have already shipped — because the vulnerability that allows this exploit to exist is a code mistake in the read-only bootrom set before the device leaves the factory. There’s nothing to be done about it once the device has left the building.

The hack is a buffer overrun attack that allows data to be copied into protected memory, where it shouldn’t have access, and allows the attacker to run arbitrary code. Ars Technica notes that forcing a Switch into USB recovery mode is potentially difficult — except that there are methods, including specialized devices, that can perform this task simply and on demand.

Every Nintendo Switch Can Be Hacked, and Nintendo Can’t Patch It

On her page, Temkin notes:

[Fusée Gelée isn’t] a perfect, ‘holy grail’ exploit– though in some cases it can be pretty damned close. The different variants of Fusée Gelée will each come with their own advantages and disadvantages. We’ll work to make sure you have enough information to decide which version is right for you around when we release Fusée Gelée to the public, so you can decide how to move forward.

Nintendo’s decision to prevent saved game backups on the Switch was consumer-hostile to start with. Now, security breaches like this make it nonsensical. Every single Switch in-market today can be hacked, full-stop. It’s true that these kinds of hacks can also be used to facilitate piracy (something Temkin notes in her FAQ), but by refusing to provide valid solutions for capabilities gamers want, Nintendo pushes more people towards piracy in the first place.

In the same way that not everyone who jailbreaks a phone wants to steal software, not everyone who jailbreaks a Switch wants to pirate games. Oftentimes, especially with a mobile system, people want to backup games they’ve already poured hundreds of hours into. Whatever marginal utility locking down saved games solved, it’s over now.

One more thing to keep in mind: Nintendo may not be able to prevent the hack, but it’s possible they will take action to lock Switches compromised in this fashion from connecting to Nintendo servers or using Nintendo services. Keep a careful eye on how the situation develops before committing to anything.

Continue reading

New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove
New Intel Rocket Lake Details: Backwards Compatible, Xe Graphics, Cypress Cove

Intel has released a bit more information about Rocket Lake and its 10nm CPU that's been back-ported to 14nm.

Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities
Time to Update: Google Patches 2 Severe Zero-Day Chrome Vulnerabilities

Unlike the last few zero-days, Google didn't find these security holes itself. Instead, it was tipped by anonymous third-parties, and the problems are severe enough that it hasn't released full details. Suffice it to say, you should stop putting off that update.

Early Adopters of Apple M1 Macs Should Be Cautious About Compatibility
Early Adopters of Apple M1 Macs Should Be Cautious About Compatibility

Apple's new MacBooks and Mac mini have made waves, partly thanks to the new silicon inside of them. Apple's new ARM ecosystem, however, is not without its growing pains.

Android 12 Could Include Major App Compatibility Improvements
Android 12 Could Include Major App Compatibility Improvements

Google has attempted to centralize chunks of Android over the years, and a major component called ART is set to get this treatment in Android 12. The result could be vastly improved app compatibility, which is sure to make everyone happy.