The Nintendo Switch already hacked through a known vulnerability?
It appears that the not-so-well hidden Nintendo Switch browser shipped with a bunch of old vulnerabilities that hackers were able to leverage. Yesterday, hacker qwertyoruiop (known for Jailbreaks of multiple iOS versions, and who also contributed to the PS4 1.76 Jailbreak) posted a screenshot of what seems to be a Webkit exploit running on the Nintendo Switch.
Update 2017/3/12: A proof of concept confirming the exploit has been released by another developer.
Nintendo Switch hack leverages known webkit vulnerability
According to the hacker, “all” he had to do was slightly tweak his existing jailbreakMe iOS Webkit exploit (hence the mention of iOS and pangu in the screenshot) and remove iOS specific code from it. Although qwertyoruiop has not provided any proof or release besides a screenshot, the hacker’s reputation makes it highly unlikely to be a hoax (I do not have access to the hack or a Nintendo Switch here to verify. It might actually be the first time in history that people could get their hands on a console hack more easily than on the console itself).
This implies Nintendo might have rushed the release of the Switch, if they released it with known Webkit vulnerabilities on the browser. I doubt they assumed people would not think of tampering with the hidden browser on day 1…
People with particular sets of skills (Liam Neeson can participate, but I was more thinking of people with a programming/hacking background) and access to a Nintendo Switch might be able to easily verify the claim: qwertyoruiop’s Jailbreak code can apparently be found here for people to play with.
I’m suspecting that many other hackers, in particular in the 3DS/Wii U scene, were already looking into similar vulnerabilities. Qwertyoruiop has already started digging deeper, mentioning that the Switch’s syscalls don’t look like FreeBSD. This goes in the direction of what Plutoo had said before, that the Switch’s OS might be a new iteration of the 3DS OS code, rather than FreeBSD based (it’s still very likely, however, that the Switch uses elements from the FreeBSD kernel, even if the OS is not based on FreeBSD).
Nintendo Switch hack: what it means for the end user
For now, this hack doesn’t mean much for the end user: nothing’s been released yet, and this is only a userland exploit. Although it might allow running unsigned code, hackers are typically after a bigger prey: kernel access. I wouldn’t be surprised if nothing was released until hackers get a better understanding of the console’s internals, and potentially find privilege escalation vulnerabilities (kernel exploits).
But since the vulnerability is apparently public, it is very likely that Nintendo will quickly release a firmware update with a patch for the Switch. As always, people looking to hack their console will want to wait patiently on a low firmware.
source: qwertyoruiop
Already? Wow.
Simon Smith eVestigator here. This by far is an absolute disgrace. Not only does it show the company has no capacity to finish the SDLC. Not only is it unethical practice, but as a Master Software Lifecycle Developer of all levels in industry for 21 years and a Cyber Security Expert and CEO, the payment of $20,000 is in no way any sum of money that would compensate $1 an hour for a Systems Tester, Beta Tester or User Acceptance Tester.
From a board level perspective, if this is their approach to the Software Development Life Cycle, then I am majorly concerned what their approach is to (if any) their Cyber Security mitigation strategy. This is not only alarming to any professional in the industry to place a ‘bounty’ to take a step outside of the normal phase to bring a product to the market, it is an invitation to invite ‘computer hackers’ not ‘mitigation experts’ to shortcut this very important step.
I am a reverse engineer, often de-obfuscate malware, and am certified as an ethical hacker. The term ‘hacker’ however is turned upside down here and is essentially ‘technically only’. The mere fact they either don’t have faith or competence in their own staff, or they have not even invested in this core competency gives me reason to believe they operate a company which is a high Cyber Security risk to the world. If this is the approach they take to security, then I wonder how they deal with real Cybersecurity breaches, breaches their ‘hackers’ cannot see. For example, internal corporate social engineering of their employee user base that would take an average company 300 days to discover.
As a true software developer expert from start to finish in this industry, and a Cyber Security expert, I really cannot believe it has come to this. All I can say is, ‘no wonder’.