With all of the security breaches that have happened lately, I’m not surprised that we have a vulnerability on our hands. It’s not to the magnitude of Equifax, mind you, but as I’ve been saying for a while now, we have to keep our data safe and protected. Security researchers from ReSwitched have discovered a vulnerability in the Nintendo Switch. The problem is that this could let hackers run arbitrary code on all current consoles. Known as “Fusée Gelée” (“Frozen Rocket”), it exploits code in the NVIDIA Tegra X1s USB recovery mode, bypassing software that would normally protect the critical bootROM.
The biggest concern is that this appears to be something that can’t be patched, and could allow users to run pirated games. While no vulnerability is good, I think on the scale of good versus bad, this certainly isn’t bad. I mean, the worst thing you can do is run a pirated game. Oooh. Too bad, Nintendo. Like I said before, it’s not the magnitude of Equifax, for example, because no confidential data should be present. But again, that doesn’t mean that you shouldn’t keep your data protected.
The exploit involves kicking the Switch into USB recovery mode by shorting a pin on the right-hand Joy-Con connector. A payload is then sent at a crucial point during a USB check, forcing the system to “request up to 65,535 bytes per control request,” much more than it can handle. That causes a DMA buffer overflow in the bootROM, giving hackers access to the normally-protected application stack. From there, they can run whatever code they want.
This is where it becomes a problem for Nintendo. Much like the one on your PC, the Tegra X1 bootROM on the Switch is hardcoded and can’t be changed once it leaves the factory. This would be fine if it was secure, but unfortunately, it has the bad length error built into it. Which means, there’s nothing that NVIDIA or Nintendo can do about it. And that’s bad news for Nintendo because they have shipped 14.8 million units already, according to ReSwitched.
By exposing secret code in the Application stack, the exploit might allow hackers to reverse engineer application security and run pirated or emulated software. It could also be useful for less dodgy functions, like finally giving users the ability to backup game saves in case their Switch is stolen or broken. Again, this isn’t extreme, but it is a pretty good way to be able to get around some of the rules imposed on us by Nintendo.
Nintendo does have one method of recourse. If they can detect users taking advantage of this bug, they can block them from being able to play online. Which may be a small price to pay for someone wanting to get around the system. There are a number of hacks online but beware of using any of them. As with anything – it may or may not harm your actual device.