There’s been a lot of speculation about the possibilities to hack the Nintendo Switch already. With the device in the hands of hackers for just a small week, it’s unlikely that any group has made any significant progress so far (but hey, nothing’s impossible, we did hack the PSP emulator on the PS Vita on day 1).
Nevertheless, it’s obvious that some people are already digging in the guts of the device to look for hardware and software flaws.
The Nintendo switch has a browser, it’s (not very well) hidden
Nintendo announced the Switch would not ship with a browser. In practice, it’s required for any modern device to have a browser, if only to access some Wifi endpoints that required to “sign in” on an html-based form. It turns out, this browser exists on the Nintendo Switch, and has already been hijacked to access a few sites, and even to watch videos on youtube or Plex.
As to what that browser is, it appears to be a webkit-based (not a tough guess, pretty much all browsers are webkit-based nowadays) piece of software, likely Access Netfront NX. (Which wouldn’t be a surprise. Access is a Japanese company that’s been providing the Netfront browser to a bunch of embedded devices in the past). From the hacking perspective, a webkit-based browser means that webkit vulnerabilities could be leveraged to hack the Nintendo Switch.
The Nintendo Switch OS might be a new iteration of the 3DS OS, and/or might be reusing some components of the FreeBSD Kernel
Hacker Marcan (who, for someone who says he does not intend to hack the Switch, has already looked a lot into its internals 🙂 ) has stated that the Switch OS might be based on FreeBSD, due to some of the licensing text on the Switch mentioning FreeBSD. If the Switch was based on FreeBSD, it would be the second console this generation to use FreeBSD, after the PS4. The benefits, from a hacking standpoint, would be that hacks for one of the devices would be likely to be adapted for the other one.
Conversely, it is also possible that the Switch only reuses parts of FreeBSD and is not based on it. Hacker Plutoo has mentioned that from his early investigations, the Switch OS seems to be very similar to the 3DS OS, with similar syscalls. He mentions however that it is most likely a rewrite (in other words, don’t expect 3DS hacks to work on the Nintendo Switch)
Nintendo Switch hack when?
That’s really the gist of it. Although I’m sure hackers are already looking into the console’s internals, not much is known about it at this point. Console manufacturers have been ramping up their skills on security over the past decade, and although Nintendo might not be at Sony or Microsoft levels in terms of security, it’s sure they’ve been learning from their past experience.
As always, the question is probably not “if” but “when” security vulnerabilities will be discovered for the Nintendo Switch.