
Unpatchable exploit for the Nintendo Switch found by security researchers

This exploit will affect all NVIDIA Tegra X1 based devices.

Image: Katherine Temkin

Security researchers {re}switched have discovered a vulnerability in the NVIDIA Tegra X1 chip that powers the Nintendo Switch.

This vulnerability opens the possibility for an attacker to run arbitrary code on the console. Dubbed Fusée Gelée by the group, it takes advantage of an issue in the USB hardware stack of the device and bypasses the protections for the critical bootROM.

Apparently, it’s unfixable in consoles already sold without a recall, as any bugfix would have to be done as a hardware revision at the factory. All 14.8 million Switch consoles sold to date are affected, according to {re}switched. As with hacks for prior consoles, this paves the way for homebrew software and potential piracy.

The exploit, which is fairly involved, first requires kicking the Switch into USB recovery mode by shorting a pin on the right-hand Joy-Con connector. A payload is then sent at a crucial point during the USB check, forcing the system to “request up to 65,535 bytes per control request,” which in turn causes a DMA buffer overflow in the bootROM. This gives hackers access to the normally protected application stack. Once inside the stack, they can exfiltrate any secrets on the hardware or run anything they want.
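The defensive lesson in that paragraph is the length check. A USB control transfer begins with an 8-byte SETUP packet whose last field, wLength, is chosen entirely by the host and can be anything up to 65,535. If firmware hands that value straight to a DMA engine pointed at a fixed-size buffer, the host decides how much memory gets written. The following C is an added illustration written for this article, not code from {re}switched or from the Tegra X1 bootROM: it parses a constructed SETUP packet, shows the unsafe pattern (the transfer length is simply wLength) as a simulated computation that writes no memory, and beside it the hardened form that bounds the request by the buffer before any DMA is programmed. CTRL_BUF_SIZE and the vendor request number are assumptions; the real bootROM layout is not described on the page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical size of the buffer that receives control-transfer data.
 * Constructed value for the example; not taken from the real bootROM. */
#define CTRL_BUF_SIZE 512

/* Standard USB SETUP packet: 8 bytes, multi-byte fields little-endian. */
typedef struct {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;   /* host-chosen, 0..65535 */
} usb_setup_t;

/* Decode the raw 8 bytes that open every control transfer. */
int parse_setup(const uint8_t raw[8], usb_setup_t *out)
{
    if (raw == NULL || out == NULL) return -1;
    out->bmRequestType = raw[0];
    out->bRequest      = raw[1];
    out->wValue        = (uint16_t)(raw[2] | (raw[3] << 8));
    out->wIndex        = (uint16_t)(raw[4] | (raw[5] << 8));
    out->wLength       = (uint16_t)(raw[6] | (raw[7] << 8));
    return 0;
}

/* Unsafe pattern the article describes: wLength is used as the DMA length
 * with no reference to the destination buffer. Simulated only: this returns
 * the length that would be programmed, it does not write memory. */
size_t dma_length_unchecked(const usb_setup_t *setup)
{
    return setup->wLength;   /* anything above CTRL_BUF_SIZE overruns the buffer */
}

/* Hardened form: validate against the buffer before touching the DMA engine,
 * and reject (stall) rather than silently truncate, so the request length
 * can never exceed what the firmware itself allocated. */
int dma_length_checked(const usb_setup_t *setup, size_t *out_len)
{
    if (setup->wLength > CTRL_BUF_SIZE) {
        *out_len = 0;
        return -1;           /* caller stalls the endpoint */
    }
    *out_len = setup->wLength;
    return 0;
}

int main(void)
{
    /* Constructed packet: host-to-device vendor request 0x01, wLength = 0xFFFF. */
    const uint8_t oversized[8] = {0x40, 0x01, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF};
    usb_setup_t s;
    size_t n;

    parse_setup(oversized, &s);
    printf("unchecked: would DMA %zu bytes into a %d-byte buffer\n",
           dma_length_unchecked(&s), CTRL_BUF_SIZE);
    printf("checked:   %s\n",
           dma_length_checked(&s, &n) == 0 ? "accepted" : "rejected (stall)");
    return 0;
}
```

The point of returning an error instead of clamping is that a clamped transfer can still leave the host in control of how much of the buffer is overwritten and what the device does with the rest of the data; refusing the request keeps the firmware's own allocation as the only authority on transfer size.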

While it might seem irresponsible to post the full instructions online, the whitehat group says it is acting in the public good. According to the team,

“This vulnerability is notable due to the significant number and variety of devices affected, the severity of the issue, and the immutability of the relevant code on devices already delivered to end users. This vulnerability report is provided as a courtesy to help aid remediation efforts, guide communication, and minimize impact to users.”

They also note that several other groups are working on a similar exploit, including one that says it will sell access.

This is obviously a serious issue for Nintendo to grapple with, and we’ll be keeping an eye on the situation as it develops.

Maker, meme-r and unabashed geek. My hobbies include photography, animation and hoarding Reddit gold.
