CATEGORIES
home News

Every Nintendo Switch Now Hackable Thanks To An Unpatchable NVIDIA Tegra Exploit

by Paul LillyTuesday, April 24, 2018, 10:26 AM EDT
ReSwitched

Nintendo has shipped around 15 million hybrid Switch consoles to date, and that number will continue to grow, especially as more AAA titles land on the system. That's good news for Nintendo. The bad news (for Nintendo), however,  is that each and every one of them is vulnerable to a hack that could allow the execution of arbitrary code, and there does not appear to be a way of fixing it.

Hardware hacker and modder Katherine Temkin and the hacking team at ReSwitched published an "exploit chain" for the Switch that goes into great detail on the security flaw. They're calling it the Fusée Gelée coldboot vulnerability, and in short, it leverages a vulnerability that exists in the NVIDIA Tegra X1's USB recovery mode. The exploit bypasses lock-out operations that normally would protect the chip's bootROM.

"As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses," Temkin explains.

The exploit works by forcing the Switch into USB recovery mode by shorting a pin on the right Joy-Con controller. There is a special plug-in device that makes this easy, and once in there, a payload is sent during the USB check that forces the system to "request up to 65,353 byes per control request," which is way more than the console can handle. That in turn causes a DMA buffer overflow in the bootROM, providing hackers access to what is supposed to be a protected area.

What makes this so tricky for Nintendo and NVIDIA is that neither company can just issue a software patch to fix the flaw. Once the chip leaves the factory, there is nothing that can be done, at least in terms of directly addressing the issue. What Nintendo could do instead, however, is push an update that checks whether a Switch has been hacked when accessing its servers, and then ban those systems.

Now that this vulnerability is made public, it's probably just a matter of time before a hacker or modder figures out how to leverage it to emulate games on the Switch. There are legitimate use case scenarios for hacking a Switch, though the concern for Nintendo is that users would be able to run pirated games. We'll just have to wait and see how this all plays out, and how Nintendo decides to handle the situation.

Thumbnail/Top Image Source: GitHub via Katherine Temkin
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment