
Unfixable Nintendo Switch Vulnerability Leaves Every Console Open to Attack

A bootROM flaw in every Nintendo Switch leaves the device open to hackers, and no patch or update can fix it.

The Nintendo Switch has been a success for the Japanese company. After the misstep of the Wii U, Nintendo is finally back competing evenly with Sony and . However, a report by Ars Technica highlights an exploit that opens every Switch to hacking.

Yes, every single Nintendo Switch (around 15 million sold) could be hacked because of the flaw. Hacker Katherine Temkin and ReSwitched published details on the Fusée Gelée coldboot vulnerability. The team also showed a proof-of-concept for an exploit that opens the Switch to attack.

At its core, the exploit uses a flaw found in the Tegra X1's USB recovery mode. This chip's bootROM should have lock-out processes to prevent exploits, but for some reason they do not work against this flaw.

This means a hacker could use a bad length argument to push the system to “request up to 65,535 bytes per control request.” Too much of this data passes the memory access buffer, which leaves the data vulnerable to attack.

“By carefully constructing a USB control request, an attacker can leverage this vulnerability to copy the contents of an attacker-controlled buffer over the active execution stack, gaining control of the Boot and Power Management processor (BPMP) before any lock-outs or privilege reductions occur,” Temkin wrote of her discovery.
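The bug class described above (a host-supplied length used as a copy size) can be modelled generically, as an added example that is not from the article, Temkin's report or any NVIDIA or Nintendo code. The 64-byte response buffer, the 18-byte placeholder descriptor, the constructed SETUP packet and all function names are assumptions; only the 8-byte SETUP layout comes from the USB specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard 8-byte USB SETUP packet; multi-byte fields are little-endian on the wire. */
struct usb_setup {
    uint8_t  bmRequestType, bRequest;
    uint16_t wValue, wIndex, wLength;   /* wLength is chosen by the host: 0..65535 */
};

/* Decode from raw bytes so the result does not depend on host endianness or padding. */
static struct usb_setup parse_setup(const uint8_t raw[8]) {
    struct usb_setup s;
    s.bmRequestType = raw[0]; s.bRequest = raw[1];
    s.wValue  = (uint16_t)(raw[2] | (raw[3] << 8));
    s.wIndex  = (uint16_t)(raw[4] | (raw[5] << 8));
    s.wLength = (uint16_t)(raw[6] | (raw[7] << 8));
    return s;
}

/* Hardened handler: clamp to the data that exists AND to the destination capacity. */
static size_t checked_copy(const struct usb_setup *s, const uint8_t *src, size_t src_len,
                           uint8_t *dst, size_t dst_cap) {
    size_t n = s->wLength;              /* a flawed handler would memcpy this many bytes */
    if (n > src_len) n = src_len;       /* never read past the real response data */
    if (n > dst_cap) n = dst_cap;       /* never write past the response buffer */
    memcpy(dst, src, n);
    return n;
}

/* Constructed sample: an ordinary GET_DESCRIPTOR(device) request with wLength = 0xFFFF. */
static const uint8_t SAMPLE_SETUP[8] = {0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0xFF, 0xFF};

static size_t demo_requested(void) { return parse_setup(SAMPLE_SETUP).wLength; }

static size_t demo_copied(void) {
    struct usb_setup s = parse_setup(SAMPLE_SETUP);
    uint8_t descriptor[18] = {18, 1};   /* placeholder 18-byte device descriptor */
    uint8_t response[64];               /* assumed response buffer size */
    return checked_copy(&s, descriptor, sizeof descriptor, response, sizeof response);
}

int main(void) {
    printf("requested: %zu bytes, copied: %zu bytes\n", demo_requested(), demo_copied());
    return 0;
}
```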

Of course, bugs happen and companies send out patches to fix them, but that won't happen in this case. Temkin says the flaw is unpatchable and cannot be fixed with an update.

“Since this bug is in the Boot ROM, it cannot be patched without a hardware revision, meaning all Switch units in existence today are vulnerable, forever. Nintendo can only patch Boot ROM bugs during the manufacturing process.”

Reason for Disclosure

A hacker would need to be skilled to take advantage of the exploit, but now that the method for doing so is published, people can follow it. The question is, why would a white-hat hacker like Temkin post the information online, essentially helping people take advantage of the exploit?

She says the exploit is “notable due to the significant number and variety of devices affected, the severity of the issue, and the immutability of the relevant code on devices already delivered to end users. This vulnerability report is provided as a courtesy to help aid remediation efforts, guide communication, and minimize impact to users.”

Luke Jones