The Nintendo Switch already hacked through a known vulnerability?
It appears that the not-so-well hidden Nintendo Switch browser shipped with a bunch of old vulnerabilities that hackers were able to leverage. Yesterday, hacker qwertyoruiop (known for Jailbreaks of multiple iOS versions, and who also contributed to the PS4 1.76 Jailbreak) posted a screenshot of what seems to be a Webkit exploit running on the Nintendo Switch.
Update 2017/3/12: A proof of concept confirming the exploit has been released by another developer.
Nintendo Switch hack leverages known webkit vulnerability
According to the hacker, “all” he had to do was slightly tweak his existing jailbreakMe iOS Webkit exploit (hence the mention of iOS and pangu in the screenshot) and remove iOS specific code from it. Although qwertyoruiop has not provided any proof or release besides a screenshot, the hacker’s reputation makes it highly unlikely to be a hoax (I do not have access to the hack or a Nintendo Switch here to verify. It might actually be the first time in history that people could get their hands on a console hack more easily than on the console itself).
This implies Nintendo might have rushed the release of the Switch, if they released it with known Webkit vulnerabilities on the browser. I doubt they assumed people would not think of tampering with the hidden browser on day 1…
People with particular sets of skills (Liam Neeson can participate, but I was more thinking of people with a programming/hacking background) and access to a Nintendo Switch might be able to easily verify the claim: qwertyoruiop’s Jailbreak code can apparently be found here for people to play with.
I’m suspecting that many other hackers, in particular in the 3DS/Wii U scene, were already looking into similar vulnerabilities. Qwertyoruiop has already started digging deeper, mentioning that the Switch’s syscalls don’t look like FreeBSD. This goes in the direction of what Plutoo had said before, that the Switch’s OS might be a new iteration of the 3DS OS code, rather than FreeBSD based (it’s still very likely however that the Switch uses elements from the FreeBSD kernel, even if the OS is not based on FreeBSD)
Nintendo Switch hack: what it means for the end user
For now, this hack doesn’t mean much for the end user: nothing’s been released yet, and this is only a userland eploit. Although it might allow running unsigned code, hackers are typically after a bigger prey: Kernel access. I wouldn’t be surprised if nothing was released until hackers get a better understanding of the console’s internals, and potentially find privilege escalation vulnerabilities (kernel exploits).
But since the vulnerability is apparently public, it is very likely that Nintendo will quickly release a firmware update with a patch for the Switch. As always, people looking to hack their console will want to wait patiently on a low firmware.
source: qwertyoruiop
Good we love to pirate games hope it’s released soon.
Yea coz that will really help the current massive switch game lineup *sarcasm*
You do realize what will happen if *** gets pirated this early on right? The switch’s life span will already be over.
Good to see people loving the idea of killing of the console this early…
_DF_ Glad someone said it. If the hack is non piracy related I’m okay with that but not okay with piracy. This early we might as well just wait for a Switch 2 if people are excited about ruining a new platform.
Luckily enough since this is a userland level exploit, there’s little to no way it in itself could be used for piracy.
I just hope nintendo sends out ban waves to everyone detected on a hacked console if going online, honestly that’s the only thing they can do at this point to combat piracy if it gets hacked that far.
Exactly! Look at what happened to the Dreamcast. You could literally burn an ISO and be done.
The exact same thing could be done on PS1. What a horrible failure that was, amiright?
PS1 Not without a modchip
Yeah, any cd based system (pre dvd era) has easy exploit. On PS1/Saturn you could Swap Trick (even on PS2 or PS3 with some mod on the lid sensor or other system like the Sega CD or Jaguar CD or 3DO has no copy protection and the Dreamcast has the MIL-CD Exploit. Then with Gen 6, they upped their game and was requiring mod chip (except PS2 since 2008 with the Free McBoot Exploit or Xbox’s save game exploit), their was even some fake game disk for swap tricking at the time. Then, gen 7 was requiring firmware exploit.
The Dreamcast died because of the PS2. Full Stop.
Sales charts prove this. If the Dreamcast had used DVDs it might have been able to corner Sony out of their initial success, people buying a PS2 because it was the cheapest and best value early DVD player.
But Sega Sega’d it up pretty good. Also, most critically, when the PS2 came out the Dreamcast had a drought of good games because developers were switching and Sega was out of money to develop any real games without jeopardizing their exit strategy, which the Dreamcast was always part of because it also sold far better than they expected.
The game tap dried up, Sega went bankrupt creatively and the rest is history. Piracy didn’t hurt the Dreamcast nearly as much as people claim it did. It didn’t help but it was hardly the death bringer.
Yes, just look at the PSP and the Vita. PSP is considered one of the worst consoles ever in a selling point perspective, and Vita the best…. Or was it the other way around? And the DS had pirate cards from almost the get go..
If you look at it, consoles with good pirate protection usually ends up doing worse than their counterparts..!
But the Swith life is already over!!!
No, it doesn’t mean that. 3DS and DS both had massive piracy and both were massive successes. The vast majority of people have no idea how, nor care to learn, how to use exploits.
There’s no correlation between the sales of a console, or games, and piracy.
You could argue that piracy drives hardware sales, just as much as you could say it hurts.
Thank you. The only person here who speaks out if his mouth and not his a$$. I don’t condone piracy, but it has been around for a very long time. Do you research, PS1, PS2, Xbox 360, etc. The Wii was also “hacked” and had different modchips and sold millions. The WiiU was a huge failure and wasn’t hacked until near the end of it’s lifespan. Do some research, please.
But all was not so early hacked and also not that easy. A Modchip or a extra Card like on the DS are not that easy to get, must first been developed, produced (what cost many time) and it cost extra money. A simple Browser hack cost nothing, only a bit time.
PS1, PS2, XBox 360, DS, Wii… all was already good running platforms with a good lineup before they get hacked for piracy.
And other Game Developers than Nintendo, have nothing from sold Switch consoles, when too much Switch Users download there games illegally. And even Nintendo need Money to develop games.
So stop to argument that piracy didn’t harm a console. It do, when too much too early download games instand to buy them than no one will develop for this platform anymore. Too high risk that you never will see the spend money for the game back including some profit.
@DrRetro: Again, there’s no correlation.
There’s no way to prove that a person who pirates a game ever intended to buy the game in the first place.
Likewise, there’s no way to determine if a person who pirated a game was then led to buy the game afterwards.
Right now, you’re just speculating that a vast majority of Switch owners will pirate games based on things that haven’t happened yet, and historically, have never happened.
There’s never been a console where piracy was the sole cause of its failure. Even the Dreamcast.
of course i am, i hate nintenduh
So wait didn’t Nintendo already kill their own console?.. lol the WII U it was not because of piracy either.
The wii u wasn’t hacked until a year before it died and it was an utter failure, the wii was hacked shortly after it was released and it’s one of Nintendo’s best selling consoles. I think this argument needs to die because it’s like beating a dead horse.
In healthy enviroment, not much would have happened. But for restricted console enviroment… who knows. Perhaps nintendo will need to find other way to encourage people to buy their games, in case piracy happens so soon.
how can any assume copied games are already possible, people have barely begun looking at the Switch, if they have things sorted this quickly then they’re gooooooooooooooooooooooooooooooooooooooooood at what they do but i think it is unlikely that people have gotten right into the flesh of the Switch
You don’t speak for me.
Nintendo Switch : Dead on Arrival
I don’t care if it’s userland only… I just want the darn exploit… Do u guys KNOW the homebrew we could build with this!?… PortalSwitch is honestly something I wanna see!… I don’t care about online capability but if needed I’d buy 2 switches… One for retail games and one exclusively for Homebrew
Wouldn’t it be better value to just buy an nVidia Shield though? Its more powerful.
Although admittedly, Switch is a vastly superior form factor.
I think we all knew old webkit exploits worked on the switch? Why such an uproar? Once someone gets a payload which launches unsigned code I’ll be amused.
I think what’s shocking is that it’s a known vulnerability, meaning the browser is really not up to date in terms of security. This points to a rushed release, meaning there might be more “easy” gems to uncover in the kernel
Yeah, was that an old iOS 3.X.X exploit from the old day around 7 years ago ? If that the case, *** Nintendo’s outdated…
Nintendo rushed the Switch?
Impossible, they always wanted to release their newest console with a single game, a full-priced techdemo and bomberman.
Don’t forget “Pokemon – Geriatric Edition”
Do it. Release the exploit and teach Nintendo the harsh lesson they need. They have been far too careless and arrogant for too long, and Miyamoto needs to pay dearly for how badly he sc*** over Argonaut and other companies, as well as customers, and even loyal fans who only wanted to do reviews of their games. If they go out of business over it, I won’t lose sleep. They are probably not Konami level bad yet, but they are getting close.
i bet number of Nintendoges won’t decrease even with major nintenduh screwups.. they gladly die for their master.
I’m not usually the death and destruction type, but yeah, this. NOJ needs a serious wakeup call, hacking the switch this early would be a mercy. If it’s done now, before they sink too much money into it like Sega did, maybe Nintendo can recover? I’m all for a new opening in the market, but the nearest competitors where the Steam Machines and those seem to be on ice right now.
even with a hack I don’t feel attracted to Nintendo at all…
Switch + hack = NVidia Shield K1 + gamepad controls = much more interesting. 😉
With that hardware should also Android not be a so difficult stuff and than you have really a tablet with hardware game controls.
I have an NVidia Shield K1 and I didn’t really play on it… why? because a gamepad on a tablet is not the same as a real handheld.
Actually, you are wrong. It would be the Nvidia shield X1 with gamepand controls
Ok, thats right, but there is no and will be no Shield X1 tablet.
Why do Sony and Nintendo keep using Webkit for their browsers? By this point, they have to know that it’s vulnerable to these kind of exploits. Just look at Microsoft, who used their own web browser and has been the only one this generation not to get easily hacked.
I mean, don’t get me wrong, I like to hack my systems to get extra features and what not, but I don’t get the business decision of using something like Webkit when there are other possible alternatives that are far less vulnerable.\
You know how things go, you spend alot of time and effort making your system a fort knox and then realize you totally forgot about the simplest and easist methods to get in
It’s not really about their using Webkit (though Webkit/Blink does look more and more like a bad idea for consoles), it’s about the company that makes their browsers off of the engine: Access Co. Ltd. Sony and Nintendo go to them because they’re pretty much the only company in Japan that markets a web browser product. (Netfront Browser NX)
Pretty sure Nintendo would have been more secure if they stuck with Opera as their browser. For one thing, Opera actually UPDATES. Also it would have been more secure initially, on the 3DS and Wii U: the Presto layout engine isn’t exactly a high-priority target for hackers.
All web browsers are horribly insecure, and writing a new one is a gargantuan effort.
The DS sold 150 million
The PS2 sold 200 million
The Wii sold 100 million
What do they all have in common? They all had rampant piracy, and yet, they were all commercial successes, hmm, that’s a mystery.
I agree. I think moderate piracy will help Switch like it (didn’t hurt) above mentioned consoles
The PS2 sold 157 million copies, don’t spread fake data.
while I agree piracy helps console sales a bit, that comment is a little vague, I’m pretty sure the DS sold alot before it was hacked because it was a successor to gba that looked amazing in comparision and had twin screens. The Wii because it was something not really seen before and the casual market soaked it in with its wireless magic wands, and the PS2, well Sony was in a roll at that time, everything with Playstation on it was selling like hot cakes.
Again piracy helped but even without piract i’m sure they would still have sold an insane amount.
Only supports idea that piracy is natural for system. It happens on PC too, yet when you have good company that cares about playerbase like CDprojekt people will buy their games. On the other hand crappy ones like EA or Ubisoft… though even their stuff get sold, miracously.
You can always count on 8 years old kids leeching of their parents’ wallet and a bunch of manchildren to make these greedy *** company rich
People buy the console and then pirate the games.
And Nothing released yet for ps vita 3.63? If u dont like piracy come to my country, work more than 10 every day and pay the most high tax in the world, i doubt if you will keep hate piracy on games.
They’re getting close to the kernel on the Vitas…For now best to stick to 3.60 on Vita and PSTV…
At least there’s no virtue signalers calling foul on piracy here and using it as a reason systems fails *cough* Vita *cough*.
This is fantastic news. If we can pirate Zelda then we can pirate all
Games and make this system great like the Wii U is and 3ds. You can steal games on those and they still sell like hot cakes.
the wii U sold like hot cakes? That’s news to me. So is it being a ‘great’ system.
This doesn’t promise piracy at all, it’s proof of concept at best, and Nintendo will likely patch this up in a matter of time.
Nintendo seems to understand that no matter what they do, there console will be hacked one way or another. Sony however uses all of their time to try to fight back against hacks and update their firmware all the time.
Sony has every right too, piracy is a delicate balance, sure it can boost sales but it could also end a system too early costing alot of money. Microsoft and Sony invest loads more money into their systems that Nintendo.
Also Nintendo seems to be too busy annoying youtubers with their “don’t post nintendo content” instead of piracy lol
Sony sells and makes good hardware. Then they lock it down so that the consumer can only do what Sony allows them to do. Technically that is their right. I don’t agree with the policy. I loved the psp, even if the utility of the device was nerfed. i liked the ps3, and Sony nerfed OS support. I think that Sony needs to think beyond the “console war”. they used to, even if it was only for tax liability reasons {OS support was to exploit an EU sales tax loop hole}. Modern game systems are computers. US airforce has a few ps3 super-cluster machines used for serious work. A few large universities used them as well. They should be treated as such with the freedom to change the OS If desired modern handheld system are competing head to head with cellphones and tablet when it comes to on-the-go entertainment. that market is cut throat and fierce. If these companies want to compete they will need to up their game.