• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Switch hacked through old webkit exploit

M

MUnited83

For you.
http://wololo.net/2017/03/11/nintendo-switch-already-hacked-known-vulnerability/

It appears that the not-so-well hidden Nintendo Switch browser shipped with a bunch of old vulnerabilities that hackers were able to leverage. Yesterday, hacker qwertyoruiop (known for Jailbreaks of multiple iOS versions, and who also contributed to the PS4 1.76 Jailbreak) posted a screenshot of what seems to be a Webkit exploit running on the Nintendo Switch.

Nintendo Switch hack leverages known webkit vulnerability
According to the hacker, “all” he had to do was slightly tweak his existing jailbreakMe iOS Webkit exploit (hence the mention of iOS and pangu in the screenshot) and remove iOS specific code from it. Although qwertyoruiop has not provided any proof or release besides a screenshot, the hacker’s reputation makes it highly unlikely to be a hoax (I do not have access to the hack or a Nintendo Switch here to verify. It might actually be the first time in history that people could get their hands on a console hack more easily than on the console itself).

C6m42xfUwAAP6Qg.jpg

For now, this hack doesn’t mean much for the end user: nothing’s been released yet, and this is only a userland eploit. Although it might allow running unsigned code, hackers are typically after a bigger prey: Kernel access. I wouldn’t be surprised if nothing was released until hackers get a better understanding of the console’s internals, and potentially find privilege escalation vulnerabilities (kernel exploits).

But since the vulnerability is apparently public, it is very likely that Nintendo will quickly release a firmware update with a patch for the Switch. As always, people looking to hack their console will want to wait patiently on a low firmware.
Click to expand...
 
N

Nightbird

Member
I almost feel bad for Nintendo.

They chose to not implement a Web browser on launch to make sure the function wouldn't be used to hack the Switch when released.

Hackers proceed to hack the Switch anyway.


All that trouble for nothing.
 
TVexperto

TVexperto

Member
So this doesnt mean anything since there are no games running? Same with all the "PS4 jailbreak" articles that went nowhere
 
jediyoshi

jediyoshi

Member
TVexperto said:
So this doesnt mean anything since there are no games running? Same with all the "PS4 jailbreak" articles that went nowhere
Click to expand...

Nintendo Switch hack: what it means for the end user
For now, this hack doesn’t mean much for the end user: nothing’s been released yet, and this is only a userland eploit. Although it might allow running unsigned code, hackers are typically after a bigger prey: Kernel access. I wouldn’t be surprised if nothing was released until hackers get a better understanding of the console’s internals, and potentially find privilege escalation vulnerabilities (kernel exploits).​
 
jts

jts

...hate me...
Nightbird said:
I almost feel bad for Nintendo.

They chose to not implement a Web browser on launch to make sure the function wouldn't be used to hack the Switch when released.

Hackers proceed to hack the Switch anyway.


All that trouble for nothing.
Click to expand...
Citation needed.

I guess they also didn't make Netflix or Youtube available because of those nasty hackers. What about the virtual console?
 
blu

blu

Wants the largest console games publisher to avoid Nintendo's platforms.
Time to get a switch, I guess.
 
N

Nightbird

Member
BibiMaghoo said:
They chose to implement one then hide it poorly is my understanding.
Click to expand...

Wasn't that only so the device could be connected to Hotspots?

jts said:
Citation needed.

I guess they also didn't make Netflix or Youtube available because of those nasty hackers. What about the virtual console?
Click to expand...

Why are you assuming that I'm defending them?

The Browser was needed to hack both the 3DS and the WiiU, so it makes sense that Nintendo would try to make that not happen with the Switch.

I don't know what Netflix/YouTube or VC have to do with that
 
F

Falk

that puzzling face
NSESN said:
Isn't it the same thing that was posted about a week ago?
Click to expand...

If you're talking about the random tweet with what presumably was video of PSX startup playing on a Switch tablet with no other further elaboration, no, this doesn't appear to be the same.
 
Robin64

Robin64

Member
Falk said:
If you're talking about the random tweet with what presumably was video of PSX startup playing on a Switch tablet with no other further elaboration, no, this doesn't appear to be the same.
Click to expand...

Probably means this, which can be used to display any webpage you want. The above screen could easily be made with this method.
 
jts

jts

...hate me...
Nightbird said:
Why are you assuming that I'm defending them?

The Browser was needed to hack both the 3DS and the WiiU, so it makes sense that Nintendo would try to make that not happen with the Switch.

I don't know what Netflix/YouTube or VC have to do with that
Click to expand...
I'm not defending them or attacking them either.

I'm just saying that, despite a web browser being a common vector for attacks on any device, we don't have evidence that that was the reason why a web browser app wasn't available at launch - seeing how barebones the whole launch is/was. Especially as a web browser is implemented anyway for captivity portals which hackers would get easily access to.

Imo things just point to Nintendo wanting to have a very feature-basic Switch at launch, whether by choice or due to time constraints.
 
Solo Act

Solo Act

Member
I had an OG Xbox, PSP and Vita - three systems that I believe were famous for running exploited software, and I never had any interest at all.

On the Wii U though, with it's lack of software support for long stretches, having a ton of GameCube games on my SD Card was worth the effort for me to figure it out. I love my Switch so far, but there is exactly one game for it that I own, and it'll be 6 weeks until the next. If this leads to GameCube or something special like Dreamcast or Arcade emulation, bring it on.

And if that happens I do feel badly for Nintendo. They just seem like they're years behind when it comes to security stuff. The Switch launched 9 days ago! Sheesh.
 
T

Thraktor

Member
blu said:
Time to get a switch, I guess.
Click to expand...

With how cheap Switch dev kits reportedly are, if you're just looking for a Switch unit to run your own code on the official route may end up being simpler.

BernardoOne said:
No. It is speculated that it runs on FreeBSD (same as PS4), although the hacker that did this exploit said that the syscalls don't look like typical FreeBSD syscalls.
Click to expand...

Not speculated, known. There's FreeBSD license info somewhere in the system menus.
 
blu

blu

Wants the largest console games publisher to avoid Nintendo's platforms.
Thraktor said:
With how cheap Switch dev kits reportedly are, if you're just looking for a Switch unit to run your own code on the official route may end up being simpler.
Click to expand...
Good point. I totally forgot about the devkit pricing.
 
R

RM8

Member
Hope Nintendo squashes this soon. It's waaaaaaaay too early for this and the last thing we need is Switch software not selling well :(
 
T

Thraktor

Member
Skyzard said:
I don't think it will top Vita with its screen, d-pad and portability.
Click to expand...

As an owner of an OLED Vita, I actually prefer Switch's screen. Even aside from being larger and higher resolution the colour reproduction is excellent and it has very good brightness and contrast. Vita's screen certainly had a wow factor at the time of release due to the contrast you get from OLED, but it's very clearly an early OLED panel, and high quality modern IPS (like Switch uses) have caught up in every aspect but black levels (and many Vita OLED panels have splotchy blacks anyway), and are far superior in almost any other aspect.

Plus, if you're emulating a 240p game then a 720p resolution is ideal.
 
S

superNESjoe

Member
Thraktor said:
With how cheap Switch dev kits reportedly are, if you're just looking for a Switch unit to run your own code on the official route may end up being simpler.



Not speculated, known. There's FreeBSD license info somewhere in the system menus.
Click to expand...

Except they don't just give them to anyone willing to pay.
 
C

Camper Van Beethoven

Banned
Nightbird said:
I almost feel bad for Nintendo.

They chose to not implement a Web browser on launch to make sure the function wouldn't be used to hack the Switch when released.

Hackers proceed to hack the Switch anyway.


All that trouble for nothing.
Click to expand...

Feel bad for customers being denied features, not Nintendo.
 
M

m00h

Banned
This time I can stay on lovv firmware for ages, since I'm not even slightly interested in Nintendos online stuff. Would be even less interested with all the homebrew stuff we could get our hands on.
 
J

Jonnax

Member
Yeah. Nintendo are using a webbrowser from some unknown company.

It's obvious it'd be crap.
Google, Mozilla, Apple, Microsoft expend quite a lot of effort into security of their web browsers.
 
LordRaptor

LordRaptor

Member
jon bones said:
Hopefully this gets patched out soon, would hate for hacks and piracy to have a home on Switch.
Click to expand...

Homebrew doesn't automatically equate to piracy, but given there is an android tablet available with literally the same hardware inside capable of running any unsigned code a user wants (because its android) the homebrew aspect is a little harder to defend.
 
Rellik

Rellik

Member
jon bones said:
Hopefully this gets patched out soon, would hate for hacks and piracy to have a home on Switch.
Click to expand...

I hope it's full of hacks that leads to emulation. I then might get one.

Imagine being able to dump a copy of every Pokemon game on this.
 
N

Napalm_Frank

Member
Switch would be pretty cool emulator, especially if Ninty has Gamecube stuff all figured out.

I wonder how well it could run PSP stuff.
 
N

Nightbird

Member
jts said:
I'm not defending them or attacking them either.

I'm just saying that, despite a web browser being a common vector for attacks on any device, we don't have evidence that that was the reason why a web browser app wasn't available at launch - seeing how barebones the whole launch is/was. Especially as a web browser is implemented anyway for captivity portals which hackers would get easily access to.

Imo things just point to Nintendo wanting to have a very feature-basic Switch at launch, whether by choice or due to time constraints.
Click to expand...

I don't know, I feel there's no reason to deny the customers a web browser if it wasn't for the hacking concerns, especially since, like you said, there is a web browser in the Switch.

I've just been putting that and me knowing about the hacking on their previous consoles together.



Camper Van Beethoven said:
Feel bad for customers being denied features, not Nintendo.
Click to expand...

I never said that I approved of them doing this. I understand, but I don't approve.
It's just funny/sad to see them denying access to the browser, likely for because of hacks, and then see it being hacked anyway in basically no time.
 
You must log in or register to reply here.

Similar threads

PS5: Flat_z dumps PS5 Secure Processor, confirms he has a PS5 Hypervisor exploit (via a PS4 Game Save exploit)
Game Dev Hardware
10
2K
Red5 replied
Modern Vintage Gamer: How the Nintendo Switch Security was defeated
Opinion Trailer Hardware
2
818
Celcius replied
[VGC] Denuvo security is now on Switch, including new tech to block PC Switch emulation
News 2 3 4 5
206
10K
ReBurn replied
$70 Mortal Kombat 1 Switch version called "robbery" as graphical comparisons flood the internet
News Game Dev Platform 2 3
126
7K
Pejo replied
The PlayStation 4 has been hacked to allow for homebrew apps
Hardware Indie
44
5K
SaiyanRaoh replied
Top Bottom